Bouncy Castle CVE-2018-1000180 Security Weakness
BID:106567
CVE-2018-1000180 |Info
Bouncy Castle CVE-2018-1000180 Security Weakness
| Bugtraq ID: | 106567 |
| Class: | Design Error |
| CVE: |
CVE-2018-1000180 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 18 2018 12:00AM |
| Updated: | Jul 17 2019 07:00AM |
| Credit: | Bernd Eckenfels |
| Vulnerable: |
Redhat Virtualization 4 Redhat Software Collections for RHEL 0 Redhat Satellite 6 Redhat Openshift Application Runtimes 1.0 Redhat JBoss Fuse 6.0 Oracle Weblogic Server 12.2.1.3 Oracle WebCenter Portal 12.2.1.3.0 Oracle WebCenter Portal 11.1.1.9.0 Oracle SOA Suite 12.2.1.3.0 Oracle SOA Suite 12.1.3.0.0 Oracle Retail Xstore Point of Service 7.1 Oracle Retail Xstore Point of Service 7.0 Oracle Retail Convenience and Fuel POS Software 2.8.1 Oracle PeopleSoft Enterprise PeopleTools 8.57 Oracle PeopleSoft Enterprise PeopleTools 8.56 Oracle PeopleSoft Enterprise PeopleTools 8.55 Oracle Managed File Transfer 12.2.1.3.0 Oracle Managed File Transfer 12.1.3.0.0 Oracle Enterprise Repository 12.1.3.0.0 Oracle Enterprise Manager for Fusion Middleware 13.3 Oracle Enterprise Manager for Fusion Middleware 13.2 Oracle Data Integrator 12.2.1.3.0 Oracle Communications WebRTC Session Controller 7.1 Oracle Communications WebRTC Session Controller 7.0 Oracle Communications Convergence 3.0.2 Oracle Communications Converged Application Server 7.0 Oracle Communications Application Session Controller 3.8 Oracle Communications Application Session Controller 3.7.1 Oracle Business Transaction Management 12.1.0 Oracle Business Process Management Suite 12.2.1.3.0 Oracle Business Process Management Suite 12.1.3.0.0 Oracle Business Process Management Suite 11.1.1.9.0 Oracle API Gateway 11.1.2.4.0 Bouncycastle Fips Java Api 1.0.1 Bouncycastle Fips Java Api 1.0 Bouncycastle Bouncy Castle 1.59 Bouncycastle Bouncy Castle 1.54 |
| Not Vulnerable: |
Oracle Communications WebRTC Session Controller 7.2 Oracle Communications Converged Application Server 7.0.0.1 Bouncycastle Fips Java Api 1.0.2 Bouncycastle Bouncy Castle 1.60 Beta4 |
Discussion
Bouncy Castle CVE-2018-1000180 Security Weakness
Bouncy Castle is prone to a security weakness.
Successfully exploiting this issue will allow attackers to perform unauthorized actions; this may aid in launching further attacks.
Bouncy Castle is prone to a security weakness.
Successfully exploiting this issue will allow attackers to perform unauthorized actions; this may aid in launching further attacks.
Exploit / POC
Bouncy Castle CVE-2018-1000180 Security Weakness
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.
Solution / Fix
Bouncy Castle CVE-2018-1000180 Security Weakness
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
Bouncy Castle CVE-2018-1000180 Security Weakness
References:
References:
- Bouncy Castle Homepage (Bouncy Castle)
- Bug 1588306 (CVE-2018-1000180) - CVE-2018-1000180 bouncycastle: flaw in the low- (Red Hat Bugzilla)
- CVE-2018-1000180 (Red Hat Bugzilla)
- RSA Key Generation: computation of iterations for MR Primality Test (Bouncycastle)
- Oracle Critical Patch Update Advisory - April 2019 (Oracle)
- Oracle Critical Patch Update Advisory - January 2019 (Oracle)
- Oracle Critical Patch Update Advisory - July 2019 (Oracle)