CVE-2015-7940

The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."

Published : 2015-11-09 16:59 Updated : 2019-01-16 19:29

5.0
CVSS Score More info
Score 5.0 / 10
5.0
Vendor Product Version URI
Oracle Application Testing Suite 12.5.0.3 cpe:/a:oracle:application_testing_suite:12.5.0.3
Oracle Peoplesoft Enterprise Peopletools 8.55 cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.55
Oracle Application Testing Suite 12.5.0.2 cpe:/a:oracle:application_testing_suite:12.5.0.2
Oracle Application Testing Suite 12.5.0.1 cpe:/a:oracle:application_testing_suite:12.5.0.1
Oracle Peoplesoft Enterprise Peopletools 8.54 cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.54
Oracle Enterprise Manager Ops Center 12.2.2 cpe:/a:oracle:enterprise_manager_ops_center:12.2.2
Oracle Enterprise Manager Ops Center 12.1.4 cpe:/a:oracle:enterprise_manager_ops_center:12.1.4
Bouncycastle Bouncy Castle Crypto Package 1.50 cpe:/a:bouncycastle:bouncy_castle_crypto_package:1.50
Oracle Virtual Desktop Infrastructure 3.5.2 cpe:/a:oracle:virtual_desktop_infrastructure:3.5.2
Opensuse Leap 42.1 cpe:/o:opensuse:leap:42.1
Opensuse Opensuse 13.1 cpe:/o:opensuse:opensuse:13.1
Opensuse Opensuse 13.2 cpe:/o:opensuse:opensuse:13.2
  1. Opensuse (2) Search CVE
    1. Opensuse (2) Search CVE
      1. 13.1
      2. 13.2
    2. Leap (1) Search CVE
      1. 42.1
  2. Oracle (4) Search CVE
    1. Virtual Desktop Infrastructure (1) Search CVE
      1. 3.5.2
    2. Peoplesoft Enterprise Peopletools (2) Search CVE
      1. 8.55
      2. 8.54
    3. Enterprise Manager Ops Center (2) Search CVE
      1. 12.2.2
      2. 12.1.4
    4. Application Testing Suite (3) Search CVE
      1. 12.5.0.3
      2. 12.5.0.2
      3. 12.5.0.1
  3. Bouncycastle (1) Search CVE
    1. Bouncy Castle Crypto Package (1) Search CVE
      1. 1.50

CWE

ID Name Description Links
CWE-310 Cryptographic Issues Weaknesses in this category are related to the use of cryptography. CVE
CWE-200 Information Exposure An information exposure is the intentional or unintentional disclosure of information to an actor that is not explicitly authorized to have access to that information. CVE

History of changes

Date Event
2019-01-16 19:29
2018-10-30 16:27
2018-08-03 01:29
2018-07-19 01:29
2018-04-20 01:29
2018-01-18 18:18
2018-01-05 02:30
2017-10-20 01:29
2017-08-09 05:26
2017-07-31 21:20
2015-11-09 16:59

New CVE