CVE-2015-7940

The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:oracle:virtual_desktop_infrastructure:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.1.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.54:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_testing_suite:12.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_testing_suite:12.5.0.1:*:*:*:*:*:*:*

Information

Published : 2015-11-09 08:59

Updated : 2019-01-16 11:29


NVD link : CVE-2015-7940

Mitre link : CVE-2015-7940


JSON object : View

CWE
CWE-310

Cryptographic Issues

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Advertisement

dedicated server usa

Products Affected

oracle

  • peoplesoft_enterprise_peopletools
  • application_testing_suite
  • virtual_desktop_infrastructure
  • enterprise_manager_ops_center

opensuse

  • leap
  • opensuse

bouncycastle

  • bouncy_castle_crypto_package