Home > 정보마당 > 공개SW 보안취약점

공개SW 보안취약점

Bouncy Castle 1.54

OSS관리자1 2019-12-12 16:18:37 200
컴포넌트 명 : Bouncy Castle
컴포넌트에 대한 취약점 정보
버전 정보 취약점 ID 취약점 최종 보고일 심각도
1.54 CVE-2018-1000613 2019/04/24 7.5 (High)
취약점 ID : CVE-2018-1000613
취약점 상세정보
취약점 설명 Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.
대응 방안 -
기타 -
공개SW 보안취약점 게시물 리스트 표
번호 컴포넌트 명 및 버전 취약점ID 심각도 취약점
최종 보고일
대응방안
108 Apache Xerces2 J 2.10.0 CVE-2012-0881 7.8 (High) 2019/10/18
107 fop 1.1 CVE-2017-5661 7.9 (High) 2017/11/04
106 Elasticsearch 0.17.8 CVE-2015-1427 7.5 (High) 2018/10/10
105 Bouncy Castle 1.54 CVE-2018-1000613 7.5 (High) 2019/04/24
104 Spring Batch Test 2.1.8.RELEASE CVE-2019-3774 7.5 (High) 2019/10/10
103 Infrastructure 2.1.8.RELEASE CVE-2019-3774 7.5 (High) 2019/10/10
102 Apache Struts 1.0.2 CVE-2006-1547 7.8 (High) 2017/07/20
101 Spring Data Commons 1.8.4.RELEASE CVE-2018-1273 7.5 (High) 2019/10/10
100 Spring Data Commons 1.6.1.RELEASE CVE-2018-1273 7.5 (High) 2019/10/10
99 libplexus-utils 2.0.5 CVE-2017-1000487 7.5 (High) 2019/10/03
맨 위로
맨 위로