CVE-2017-10668

MEDIUM Year: 2017
CVSS v3 Score
5.9
Medium
CVSS v2 Score
4.3
Medium
Weakness Type
CWE-327
View all →

Vulnerability Description

A Padding Oracle exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). Under an MITM condition within the OSCI infrastructure, an attacker needs to send crafted protocol messages to analyse the CBC mode padding in order to decrypt the transport encryption.

Related Vulnerabilities

CVE-2011-2487

MEDIUM
CVSS:5.9(Medium)

The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.

CWE-3272011

CVE-2017-17167

MEDIUM
CVSS:5.9(Medium)

Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 V100R011C02; V100R011C03 have a use of a broken or risky cryptographic algorithm vulnerability. The software uses risky cryptographic algor...

CWE-3272017

CVE-2017-17382

MEDIUM
CVSS:5.9(Medium)

Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.5 before build 67.13, 11.0 before build 71.22, 11.1 before build 56.19, and 12.0 before build 53.22 might allow remote a...

CWE-3272017

CVE-2017-17428

MEDIUM
CVSS:5.9(Medium)

Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development kits (SDKs) allow remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a ROBOT atta...

CWE-3272017

CVE-2017-8157

MEDIUM
CVSS:5.9(Medium)

OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor 6900 V3 V300R001C00 has an information leakage vulnerability. Products use TLS1.0 to encrypt. Attackers can exploit TLS1.0's vuln...

CWE-3272017

CVE-2017-8191

MEDIUM
CVSS:5.9(Medium)

FusionSphere OpenStack V100R006C00SPC102(NFV)has a week cryptographic algorithm vulnerability. Attackers may exploit the vulnerability to crack the cipher text and cause information leak on the transm...

CWE-3272017