CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0CVE-2018-11070 – RSA BSAFE SSL-J / Crypto-J Heap Clearing / Timing Channel
https://notcve.org/view.php?id=CVE-2018-11070
07 Sep 2018 — RSA BSAFE Crypto-J versions prior to 6.2.4 and RSA BSAFE SSL-J versions prior to 6.2.4 contain a Covert Timing Channel vulnerability during PKCS #1 unpadding operations, also known as a Bleichenbacher attack. A remote attacker may be able to recover a RSA key. RSA BSAFE Crypto-J en versiones anteriores a la 6.2.4 y RSA BSAFE SSL-J en versiones anteriores a la 6.2.4 contienen una vulnerabilidad de canal de tiempo oculto durante las operaciones de "unpadding" PKCS #1. Esto también se conoce como ataque Bleich... • http://www.securitytracker.com/id/1041614 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2014-0626 – RSA BSAFE SSL-J DoS / Disclosure
https://notcve.org/view.php?id=CVE-2014-0626
17 Feb 2014 — The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 make it easier for remote attackers to bypass intended cryptographic protection mechanisms by triggering application-data processing during the TLS handshake, a time at which the data is both unencrypted and unauthenticated. Las APIs (1) JSAFE y (2) JSSE en EMC RSA BSAFE SSL-J 5.x anterior a 5.1.3 y 6.x anterior a 6.0.2 facilitan a atacantes remotos evadir mecanismos de protección criptográfica mediante el aprovecha... • http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html • CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2014-0625 – RSA BSAFE SSL-J DoS / Disclosure
https://notcve.org/view.php?id=CVE-2014-0625
17 Feb 2014 — The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to cause a denial of service (memory consumption) by triggering application-data processing during the TLS handshake, a time at which the data is internally buffered. La implementación SSLSocket en las APIs (1) JSAFE y (2) JSSE en EMC RSA BSAFE SSL-J 5.x anterior a 5.1.3 y 6.x anterior a 6.0.2 permite a atacantes remotos causar una denegación de servicio (consu... • http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 0CVE-2014-0627 – RSA BSAFE SSL-J DoS / Disclosure
https://notcve.org/view.php?id=CVE-2014-0627
17 Feb 2014 — The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before 5.1.3 and 6.x before 6.0.2 allows remote attackers to trigger the selection of a weak cipher suite by using the wrap method during a certain incomplete-handshake state. La implementación API SSLEngine en EMC RSA BSAFE SSL-J 5.x anterior a 5.1.3 y 6.x anterior a 6.0.2 permite a atacantes remotos provocar la selección de una suite de cifrado débil mediante el uso del método Wrap durante cierto estado del handshake incompleto. RSA BSAFE SSL-J v... • http://archives.neohapsis.com/archives/bugtraq/2014-02/0061.html • CWE-310: Cryptographic Issues •