CVE-2006-5201
https://notcve.org/view.php?id=CVE-2006-5201
Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and other certificates that use PKCS #1.
• http://secunia.com/advisories/22204
• http://secunia.com/advisories/22226
• http://secunia.com/advisories/22325
• http://secunia.com/advisories/22992
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1
• http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
• http://www.kb.cert.org/vuls/id/845620
• http://www.vupen.com/english/advisories/2006/3898
• http://www.vupen.com/english/advisories/2006
CVE-2004-2393
https://notcve.org/view.php?id=CVE-2004-2393
Java Secure Socket Extension (JSSE) 1.0.3 through 1.0.3_2 does not properly validate the certificate chain of a client or server, which allows remote attackers to falsely authenticate peers for SSL/TLS.
• http://secunia.com/advisories/11639
• http://securitytracker.com/id?1010193
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-57560-1
• http://sunsolve.sun.com/search/document.do?assetkey=1-66-201724-1
• http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001273.1-1
• http://www.osvdb.org/6299
• http://www.securityfocus.com/bid/10387
• https://exchange.xforce.ibmcloud.com/vulnerabilities/16194
CVE-2003-1229
https://notcve.org/view.php?id=CVE-2003-1229
X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificates and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files.
• http://archives.neohapsis.com/archives/bugtraq/2003-01/0334.html
• http://java.sun.com/products/jsse/CHANGES.txt
• http://secunia.com/advisories/7943
• http://securitytracker.com/id?1006007
• http://securitytracker.com/id?1007483
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-50081-1
• http://www.securityfocus.com/bid/6682
• http://www.securitytracker.com/id?1006001
• http://www1.itrc.hp.com/service/cki/docDisplay.do?
• CWE-295: Improper Certificate Validation