CVE-2008-5659

Published Dec 17, 2008

Last updated 8 years ago

CVSS info 7.5

Overview

Description: The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-310

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gnu:classpath:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A0CF267-C19F-4B32-A4E4-D515D3D7725B",
            "versionEndIncluding": "0.97.2"
          },
          {
            "criteria": "cpe:2.3:a:gnu:classpath:0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "73D8EFC5-F994-475D-9072-A0EB5EE93223"
          },
          {
            "criteria": "cpe:2.3:a:gnu:classpath:0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ACEF6059-1270-45A8-A5F3-BC806ACA3DA6"
          },
          {
            "criteria": "cpe:2.3:a:gnu:classpath:0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22290A7B-CD78-48EF-A180-3C470DE74587"
          },
          {
            "criteria": "cpe:2.3:a:gnu:classpath:0.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D8F79579-AFB2-4DDA-A37C-CF0540770C35"
          },
          {
            "criteria": "cpe:2.3:a:gnu:classpath:0.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34F6C9C7-0CEE-4BBB-9E77-B8727342C7EC"
          },
          {
            "criteria": "cpe:2.3:a:gnu:classpath:0.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C621A667-FA3A-4460-9409-827FB707D86F"
          },
          {
            "criteria": "cpe:2.3:a:gnu:classpath:0.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBAC1BF2-C7AE-4BB4-86FA-CFC0F8125F49"
          },
          {
            "criteria": "cpe:2.3:a:gnu:classpath:0.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E17B6783-C80E-4600-B449-4ACA3F2D1AD6"
          },
          {
            "criteria": "cpe:2.3:a:gnu:classpath:0.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CDF9A1B0-80CF-4690-9142-F8CC1672DBDF"
          },
          {
            "criteria": "cpe:2.3:a:gnu:classpath:0.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F9C041D-9CCB-4B70-8C34-553DA84F9298"
          },
          {
            "criteria": "cpe:2.3:a:gnu:classpath:0.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83CB8D0F-DA54-4126-81F2-CA7818129DAA"
          },
          {
            "criteria": "cpe:2.3:a:gnu:classpath:0.17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EBA61C96-281A-455D-B065-704825B76A70"
          },
          {
            "criteria": "cpe:2.3:a:gnu:classpath:0.18:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D4556AEA-F27E-4E5B-91F2-685A1DC925D0"
          },
          {
            "criteria": "cpe:2.3:a:gnu:classpath:0.19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "73FFB9ED-4541-4211-A7AF-89EB4BF2A59B"
          },
          {
            "criteria": "cpe:2.3:a:gnu:classpath:0.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89BBB5A7-5859-4DF0-9A36-6C8450BD222B"
          },
          {
            "criteria": "cpe:2.3:a:gnu:classpath:0.90:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "075463D4-5243-48C6-83AC-15861484719B"
          },
          {
            "criteria": "cpe:2.3:a:gnu:classpath:0.91:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0561E70B-32A7-437C-803C-3A86A1C16D7C"
          },
          {
            "criteria": "cpe:2.3:a:gnu:classpath:0.92:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "526F80F6-F252-4706-B8AE-206DF74C5D09"
          },
          {
            "criteria": "cpe:2.3:a:gnu:classpath:0.93:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B933028-5D62-4120-A30F-4F88246915D3"
          },
          {
            "criteria": "cpe:2.3:a:gnu:classpath:0.95:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "34024488-0741-429A-BCC6-0A7C1C7E7C8E"
          },
          {
            "criteria": "cpe:2.3:a:gnu:classpath:0.96:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2E223B28-1380-4D91-A3C2-B6093C6E4F8A"
          },
          {
            "criteria": "cpe:2.3:a:gnu:classpath:0.96.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "178581EE-168B-42DC-9A13-E181BFDE4AB9"
          },
          {
            "criteria": "cpe:2.3:a:gnu:classpath:0.97:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "037C8E1E-EA1A-435A-B463-60B725B51F5D"
          },
          {
            "criteria": "cpe:2.3:a:gnu:classpath:0.97.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "282BE66F-A823-4A48-B028-014C8BFE9C20"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References