1. Home
  2. Vulnerabilities
  3. CVE-2017-13098

CVE-2017-13098

CVSS v3.0 5.9 (Medium)
59% Progress
CVSS v2.0 4.3 (Medium)
43% Progress
EPSS 0.56 % (78th)
0.56% Progress
Affected Products 1
Advisories 8
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT."

Weaknesses
CWE-203
Observable Discrepancy
CVE Status
PUBLISHED
CNA
CERT/CC
Published Date
2017-12-13 01:29:00
(6 years ago)
Updated Date
2020-10-20 22:15:20
(3 years ago)

Affected Products

Bouncycastle

Configuration #1

    CPE23 From Up To
  Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api prior 1.59 version cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api < 1.59