WEB APPLICATION VULNERABILITIES Standard & Premium

Oracle Application Server Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-0735)

Description

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).

Remediation

References

Related Vulnerabilities

Jenkins Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2017-2612)

Drupal Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-6931)

Drupal Core 9.2.x Security Bypass (9.2.0 - 9.2.17)

WordPress Plugin Sendit WP Newsletter 'id' Parameter SQL Injection (2.1.0)

WordPress Plugin Couponer 'print-coupon.php' SQL Injection (1.2)

Severity

Medium

Classification

CVE-2018-0735 CWE-327 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities