Bouncy Castle CVE-2018-1000180 Security Weakness



Bouncy Castle is prone to a security weakness.
Successfully exploiting this issue will allow attackers to perform unauthorized actions; this may aid in launching further attacks.

Information

Bugtraq ID: 106567
Class: Design Error
CVE: CVE-2018-1000180

Remote: Yes
Local: No
Published: Apr 18 2018 12:00AM
Updated: Apr 17 2019 09:00AM
Credit: Bernd Eckenfels
Vulnerable: Redhat Virtualization 4
Redhat Software Collections for RHEL 0
Redhat Satellite 6
Redhat Openshift Application Runtimes 1.0
Redhat JBoss Fuse 6.0
Oracle Weblogic Server 12.2.1.3
Oracle WebCenter Portal 12.2.1.3.0
Oracle WebCenter Portal 11.1.1.9.0
Oracle SOA Suite 12.2.1.3.0
Oracle SOA Suite 12.1.3.0.0
Oracle Retail Xstore Point of Service 7.1
Oracle Retail Xstore Point of Service 7.0
Oracle Retail Convenience and Fuel POS Software 2.8.1
Oracle PeopleSoft Enterprise PeopleTools 8.57
Oracle PeopleSoft Enterprise PeopleTools 8.56
Oracle PeopleSoft Enterprise PeopleTools 8.55
Oracle Managed File Transfer 12.2.1.3.0
Oracle Managed File Transfer 12.1.3.0.0
Oracle Enterprise Repository 12.1.3.0.0
Oracle Communications WebRTC Session Controller 7.1
Oracle Communications WebRTC Session Controller 7.0
Oracle Communications Converged Application Server 7.0
Oracle Communications Application Session Controller 3.8
Oracle Communications Application Session Controller 3.7.1
Oracle Business Transaction Management 12.1.0
Oracle Business Process Management Suite 12.2.1.3.0
Oracle Business Process Management Suite 12.1.3.0.0
Oracle Business Process Management Suite 11.1.1.9.0
Oracle API Gateway 11.1.2.4.0
Bouncycastle Fips Java Api 1.0.1
Bouncycastle Fips Java Api 1.0
Bouncycastle Bouncy Castle 1.59
Bouncycastle Bouncy Castle 1.54


Not Vulnerable: Oracle Communications WebRTC Session Controller 7.2
Oracle Communications Converged Application Server 7.0.0.1
Bouncycastle Fips Java Api 1.0.2
Bouncycastle Bouncy Castle 1.60 Beta4


Exploit


The researcher has created a proof-of-concept to demonstrate the issue. Please see the references for more information.


Related Posts