Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2015-7940HistoryNov 09, 2015 - 4:59 p.m.
CVE-2015-7940
2015-11-0916:59:09
Debian Security Bug Tracker
security-tracker.debian.org
29
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
0.002
Percentile
64.8%
The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an “invalid curve attack.”
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | bouncycastle | < 1.51-1 | bouncycastle_1.51-1_all.deb |
| Debian | 11 | all | bouncycastle | < 1.51-1 | bouncycastle_1.51-1_all.deb |
| Debian | 999 | all | bouncycastle | < 1.51-1 | bouncycastle_1.51-1_all.deb |
| Debian | 13 | all | bouncycastle | < 1.51-1 | bouncycastle_1.51-1_all.deb |
Related
fedora
fedora
[SECURITY] Fedora 22 Update: bouncycastle-1.50-8.fc22
2016-01-04 19:58:14
osv
osv
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
2018-10-17 16:27:50
bouncycastle - security update
2015-12-08 00:00:00
bouncycastle-1.54-1.2 on GA media
2024-06-15 00:00:00
suse
suse
Security update for bouncycastle (important)
2015-11-04 17:17:31
ibm
ibm
nessus
nessus
Debian DSA-3417-1 : bouncycastle - security update
2015-12-15 00:00:00
Debian DLA-361-1 : bouncycastle security update
2015-12-09 00:00:00
Oracle JDeveloper Information Disclosure Vulnerability (July 2018 CPU)
2018-07-25 00:00:00
openvas
openvas
openSUSE: Security Advisory for bouncycastle (openSUSE-SU-2015:1911-1)
2015-11-05 00:00:00
Debian: Security Advisory (DLA-361-1)
2023-03-08 00:00:00
Mageia: Security Advisory (MGASA-2015-0487)
2015-12-29 00:00:00
cvelist
cvelist
CVE-2015-7940
2015-11-09 16:00:00
cve
cve
CVE-2015-7940
2015-11-09 16:59:09
f5
f5
K10105323 : Java Bouncy Castle vulnerability CVE-2015-7940
2018-05-22 00:00:00
debian
debian
[SECURITY] [DLA 361-1] bouncycastle security update
2015-12-08 11:28:10
[SECURITY] [DSA 3417-1] bouncycastle security update
2015-12-14 12:51:06
[SECURITY] [DSA 3417-1] bouncycastle security update
2015-12-14 12:51:06
github
github
prion
prion
Information disclosure
2015-11-09 16:59:00
nvd
nvd
CVE-2015-7940
2015-11-09 16:59:09
ubuntucve
ubuntucve
CVE-2015-7940
2015-11-09 00:00:00
mageia
mageia
Updated bouncycastle packages fix security vulnerability
2015-12-28 22:23:26
redhat
redhat
(RHSA-2016:2036) Important: Red Hat JBoss A-MQ 6.3 security update
2016-10-06 16:16:19
(RHSA-2016:2035) Important: Red Hat JBoss Fuse 6.3 security update
2016-10-06 16:16:07
ubuntu
ubuntu
Bouncy Castle vulnerabilities
2018-08-01 00:00:00
atlassian
atlassian
Upgrade Bouncy Castle to fix multiple CVEs
2020-02-21 08:37:09
Upgrade Bouncy Castle to fix multiple CVEs
2020-02-21 08:37:09
oracle
oracle
Oracle Critical Patch Update - April 2018
2018-04-17 00:00:00
Oracle Critical Patch Update Advisory - January 2019
2019-01-15 00:00:00
Oracle Critical Patch Update - October 2016
2016-10-18 00:00:00
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS
0.002
Percentile
64.8%
Related for DEBIANCVE:CVE-2015-7940