CVE-2013-1624 (Medium) detected in bcprov-jdk15on-1.46.jar #966
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2013-1624 - Medium Severity Vulnerability
The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.7.
Library home page: http://www.bouncycastle.org/java.html
Path to dependency file: madness/sub7/pom.xml
Path to vulnerable library: canner/.m2/repository/org/bouncycastle/bcprov-jdk15on/1.46/bcprov-jdk15on-1.46.jar,madness/sub7/target/madness-sub7/WEB-INF/lib/bcprov-jdk15on-1.46.jar
Dependency Hierarchy:
Found in HEAD commit: 5efacc343770cbc0e414475474985665191deca8
The TLS implementation in the Bouncy Castle Java library before 1.48 and C# library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
Publish Date: 2013-02-08
URL: CVE-2013-1624
Base Score Metrics not available
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1624
Release Date: 2013-02-08
Fix Resolution: org.bouncycastle:bcprov-jdk15on:1.48;org.bouncycastle:bcprov-jdk14:1.48
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: