-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CVE-2016-1000346 (Low) detected in multiple libraries - autoclosed - autoclosed - autoclosed - autoclosed - autoclosed - autoclosed - autoclosed - autoclosed #9
Comments
✔️ This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory. |
✔️ This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory. |
✔️ This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory. |
1 similar comment
✔️ This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory. |
✔️ This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory. |
✔️ This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory. |
✔️ This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory. |
✔️ This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory. |
CVE-2016-1000346 - Low Severity Vulnerability
bcprov-jdk15-1.44.jar
The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5.
Library home page: http://www.bouncycastle.org/java.html
Path to dependency file: ready-msazure-plugin/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/bouncycastle/bcprov-jdk15/144/bcprov-jdk15-144.jar
Dependency Hierarchy:
bcprov-jdk14-138.jar
The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. The package is organised so that it contains a light-weight API suitable for use in any environment (including the newly released J2ME) with the additional infrastructure to conform the algorithms to the JCE framework.
Library home page: http://www.bouncycastle.org/java.html
Path to dependency file: ready-msazure-plugin/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/bouncycastle/bcprov-jdk14/1.38/bcprov-jdk14-1.38.jar,/home/wss-scanner/.m2/repository/bouncycastle/bcprov-jdk14/138/bcprov-jdk14-138.jar
Dependency Hierarchy:
bcprov-jdk15-1.45.jar
The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5.
Library home page: http://www.bouncycastle.org/java.html
Path to dependency file: ready-msazure-plugin/pom.xml
Path to vulnerable library: /home/wss-scanner/.m2/repository/org/bouncycastle/bcprov-jdk15/1.45/bcprov-jdk15-1.45.jar
Dependency Hierarchy:
Found in HEAD commit: 6da360f7efcb6c16cd8cd38894e0c0c71403d439
Found in base branch: master
In the Bouncy Castle JCE Provider version 1.55 and earlier the other party DH public key is not fully validated. This can cause issues as invalid keys can be used to reveal details about the other party's private key where static Diffie-Hellman is in use. As of release 1.56 the key parameters are checked on agreement calculation.
Publish Date: 2018-06-04
URL: CVE-2016-1000346
Base Score Metrics:
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1000346
Release Date: 2018-06-04
Fix Resolution: org.bouncycastle:bcprov-debug-jdk15on:1.56,org.bouncycastle:bcprov-debug-jdk14:1.56,org.bouncycastle:bcprov-ext-jdk14:1.56,org.bouncycastle:bcprov-ext-jdk15on:1.56,org.bouncycastle:bcprov-jdk14:1.56,org.bouncycastle:bcprov-jdk15on:1.56,org.bouncycastle:bcprov-ext-debug-jdk15on:1.56
The text was updated successfully, but these errors were encountered: