CVE-2006-5201
4.0
Vector
AV:N/AC:H/Au:N/C:N/I:P/A:P
Exploitability: 4.9 / Impact: 4.9
Source: NVD
Description
Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and other certificates that use PKCS #1.
Affected (95)
Products: Sun: Nss, Secure Global Desktop, Staroffice, Solaris, Sunos, Jdk, Jre, Sdk, Jsse
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| All versions | |
| All versions | |
| All versions |
References (22)
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Timeline
No history available yet.