// For flags

CVE-2016-5430

 

Severity Score

5.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php before 2.2.1 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA).

La implementación del algoritmo RSA 1.5 en la clase JOSE_JWE en JWE.php en jose-php en versiones anteriores a 2.2.1 carece del mecanismo de protección Random Filling, lo que hace más fácil a atacantes remotos obtener datos en texto plano a través de un Million Message Attack (MMA).

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2016-06-10 CVE Reserved
  • 2016-09-03 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
  • CWE-310: Cryptographic Issues
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Jose-php Project
Search vendor "Jose-php Project"
 Jose-php
Search vendor "Jose-php Project" for product "Jose-php"
 < 2.2.1
Search vendor "Jose-php Project" for product "Jose-php" and version " < 2.2.1"
-
Affected