CVE-2016-6298

{"id": "CVE-2016-6298", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.6}]}, "published": "2016-09-01T23:59:01.160", "references": [{"url": "http://www.securityfocus.com/bid/92729", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "https://github.com/latchset/jwcrypto/commit/eb5be5bd94c8cae1d7f3ba9801377084d8e5a7ba", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/latchset/jwcrypto/issues/65", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/latchset/jwcrypto/pull/66", "tags": ["Issue Tracking", "Patch"], "source": "secalert@redhat.com"}, {"url": "https://github.com/latchset/jwcrypto/releases/tag/v0.3.2", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA)."}, {"lang": "es", "value": "La clase _Rsa15 en la implementaci\u00f3n de algoritmo RSA 1.5 en jwa.py en jwcrypto en versiones anteriores a 0.3.2 carece del mecanismo de protecci\u00f3n Random Filling, lo que facilita a atacantes remotos obtener datos en texto plano a trav\u00e9s de un Million Message Attack (MMA)."}], "lastModified": "2024-11-01T14:36:23.500", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:latchset:jwcrypto:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3D621897-7527-4674-BC69-A6C1C2D76D49", "versionEndExcluding": "0.3.2"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}