7.5 - CVE-2018-1000180

Executive Summary

This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.

Informations
Name	CVE-2018-1000180	First vendor Publication	2018-06-05
Vendor	Cve	Last vendor Modification	2023-11-07

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Overall CVSS Score	7.5
Base Score	7.5	Environmental Score	7.5
impact SubScore	3.6	Temporal Score	7.5
Exploitabality Sub Score	3.9

Attack Vector	Network	Attack Complexity	Low
Privileges Required	None	User Interaction	None
Scope	Unchanged	Confidentiality Impact	High
Integrity Impact	None	Availability Impact	None
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score	5	Attack Range	Network
Cvss Impact Score	2.9	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key pair generator, specifically RSA Key Pairs generated in low-level API with added certainty may have less M-R tests than expected. This appears to be fixed in versions BC 1.60 beta 4 and later, BC-FJA 1.0.2 and later.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000180

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-327	Use of a Broken or Risky Cryptographic Algorithm (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type	Description	Count
Application	Bouncycastle Fips Java Api cpe:2.3:a:bouncycastle:fips_java_api::::::::	1
Application	Bouncycastle Legion-Of-The-Bouncy-Castle-Java-Crytography-Api cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.54:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.47:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.46:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.45:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.44:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.43:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.42:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.41:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.40:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.39:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.38:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.37:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.36:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.35:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.34:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.33:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.32:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.31:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.30:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.29:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.28:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.27:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.26:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.25:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.24:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.23:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.22:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.21:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.20:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.19:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.18:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.17:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.16:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.15:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.14:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.13:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.12:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.11:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.10:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.09:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.08:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.07:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.06:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.05:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.04:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.03:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.02:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.01:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api::::::::	49
Application	Netapp Oncommand Workflow Automation cpe:2.3:a:netapp:oncommand_workflow_automation:-:::::::*	1
Application	Oracle Api Gateway cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:::::::*	1
Application	Oracle Business Process Management Suite cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:::::::* cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:::::::* cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:::::::*	3
Application	Oracle Business Transaction Management cpe:2.3:a:oracle:business_transaction_management:12.1.0:::::::*	1
Application	Oracle Communications Application Session Controller cpe:2.3:a:oracle:communications_application_session_controller:3.8.0:::::::* cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:::::::*	2
Application	Oracle Communications Converged Application Server cpe:2.3:a:oracle:communications_converged_application_server:7.0:::::::* cpe:2.3:a:oracle:communications_converged_application_server:5.1:::::::* cpe:2.3:a:oracle:communications_converged_application_server::::::::	3
Application	Oracle Communications Webrtc Session Controller cpe:2.3:a:oracle:communications_webrtc_session_controller:7.1:::::::* cpe:2.3:a:oracle:communications_webrtc_session_controller:7.0:::::::* cpe:2.3:a:oracle:communications_webrtc_session_controller::::::::	3
Application	Oracle Enterprise Repository cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:::::::*	1
Application	Oracle Managed File Transfer cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:::::::* cpe:2.3:a:oracle:managed_file_transfer:12.1.3.0.0:::::::*	2
Application	Oracle Peoplesoft Enterprise Peopletools cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:::::::* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:::::::* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:::::::*	3
Application	Oracle Retail Convenience And Fuel Pos Software cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.8.1:::::::*	1
Application	Oracle Retail Xstore Point Of Service cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:::::::* cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:::::::*	2
Application	Oracle Soa Suite cpe:2.3:a:oracle:soa_suite:12.2.1.3.0:::::::* cpe:2.3:a:oracle:soa_suite:12.1.3.0.0:::::::*	2
Application	Oracle Webcenter Portal cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:::::::* cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:::::::*	2
Application	Oracle Weblogic Server cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:::::::*	1
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:9.0:::::::*	1
Os	Redhat Virtualization cpe:2.3:o:redhat:virtualization:4.2:::::::*	1

Nessus® Vulnerability Scanner

Date	Description
2019-01-03	Name : The remote Fedora host is missing a security update. File : fedora_2018-ceced55c5e.nasl - Type : ACT_GATHER_INFO
2018-07-16	Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_fe93803c883f11e89f0c001b216d295b.nasl - Type : ACT_GATHER_INFO
2018-06-25	Name : The remote Debian host is missing a security-related update. File : debian_DSA-4233.nasl - Type : ACT_GATHER_INFO
2018-06-19	Name : The remote Fedora host is missing a security update. File : fedora_2018-da9fe79871.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

https://lists.apache.org/thread.html/708d94141126eac03011144a971a6411fcac16d9...

Source	Url
BID	http://www.securityfocus.com/bid/106567
CONFIRM	https://github.com/bcgit/bc-java/commit/22467b6e8fe19717ecdf201c0cf91bacf04a55ad https://github.com/bcgit/bc-java/commit/73780ac522b7795fc165630aba8d5f5729acc839 https://security.netapp.com/advisory/ntap-20190204-0003/ https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
DEBIAN	https://www.debian.org/security/2018/dsa-4233
MISC	https://github.com/bcgit/bc-java/wiki/CVE-2018-1000180 https://www.bountysource.com/issues/58293083-rsa-key-generation-computation-o... https://www.oracle.com/security-alerts/cpuApr2021.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
N/A	https://www.oracle.com/security-alerts/cpuapr2020.html
REDHAT	https://access.redhat.com/errata/RHSA-2018:2423 https://access.redhat.com/errata/RHSA-2018:2424 https://access.redhat.com/errata/RHSA-2018:2425 https://access.redhat.com/errata/RHSA-2018:2428 https://access.redhat.com/errata/RHSA-2018:2643 https://access.redhat.com/errata/RHSA-2018:2669 https://access.redhat.com/errata/RHSA-2019:0877

Alert History

If you want to see full details history, please login or register.

Date	Informations
2023-11-07 21:41:44	Multiple Updates
2022-12-01 01:36:38	Multiple Updates
2022-04-28 01:33:57	Multiple Updates
2021-06-15 00:23:18	Multiple Updates
2021-05-04 13:07:37	Multiple Updates
2021-04-22 02:21:35	Multiple Updates
2020-10-21 05:22:47	Multiple Updates
2020-10-15 17:22:44	Multiple Updates
2020-10-13 05:22:42	Multiple Updates
2020-05-23 02:09:49	Multiple Updates
2020-05-23 01:05:24	Multiple Updates
2019-10-03 09:20:43	Multiple Updates
2019-07-24 05:19:20	Multiple Updates
2019-04-26 21:19:38	Multiple Updates
2019-04-25 05:19:26	Multiple Updates
2019-04-24 05:18:56	Multiple Updates
2019-04-24 00:18:54	Multiple Updates
2019-04-17 17:19:01	Multiple Updates
2019-02-05 17:19:23	Multiple Updates
2019-01-17 00:19:18	Multiple Updates
2018-10-16 12:04:27	Multiple Updates
2018-09-12 17:19:19	Multiple Updates
2018-09-05 17:19:37	Multiple Updates
2018-08-16 17:19:27	Multiple Updates
2018-08-02 17:19:21	Multiple Updates
2018-06-24 09:19:20	Multiple Updates
2018-06-05 17:19:42	First insertion

Global Informations

Type	Count
CWE ID(s)	1
CPE ID(s)	80
Sources(s)	21
Nessus® Exploit(s)	4

	Related
7.5	RHSA-2019:0877
5	DSA-4233
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 2 more Alert(s)

7.5 - CVE-2018-1000180

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Nessus® Vulnerability Scanner

Sources (Detail)

Alert History

Global Informations

Open Standards

Other Databases

COMPANY

STANDARDS

RECENT POSTS

MENU