CVE-2015-7940

The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:*:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:oracle:application_testing_suite:12.5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_testing_suite:12.5.0.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.1.4:*:*:*:*:*:*:*
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.54:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*
cpe:2.3:a:oracle:virtual_desktop_infrastructure:3.5.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2015-11-09 16:59

Updated : 2024-02-04 18:53


NVD link : CVE-2015-7940

Mitre link : CVE-2015-7940

CVE.ORG link : CVE-2015-7940


JSON object : View

Products Affected

oracle

  • application_testing_suite
  • peoplesoft_enterprise_peopletools
  • virtual_desktop_infrastructure
  • enterprise_manager_ops_center

opensuse

  • opensuse
  • leap

bouncycastle

  • bouncy_castle_crypto_package
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE-310

Cryptographic Issues