WEB APPLICATION VULNERABILITIES Standard & Premium

Oracle Application Server Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2018-0735)

Description

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).

Remediation

References

Related Vulnerabilities

PrestaShop Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2018-20717)

WordPress Plugin Video Embed & Thumbnail Generator Cross-Site Scripting (4.0.3)

MySQL Cryptographic Issues Vulnerability (CVE-2003-1480)

WordPress Plugin InstaWP Connect-1-click WP Staging & Migration Security Bypass (0.1.0.8)

Oracle Database Server Other Vulnerability (CVE-2007-1442)

Severity

Medium

Classification

CVE-2018-0735 CWE-327 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities