CVE-2008-5659
Published Dec 17, 2008
Last updated 7 years ago
Overview
- Description
- The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-310
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:gnu:classpath:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1A0CF267-C19F-4B32-A4E4-D515D3D7725B",
"versionEndIncluding": "0.97.2"
},
{
"criteria": "cpe:2.3:a:gnu:classpath:0.6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "73D8EFC5-F994-475D-9072-A0EB5EE93223"
},
{
"criteria": "cpe:2.3:a:gnu:classpath:0.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ACEF6059-1270-45A8-A5F3-BC806ACA3DA6"
},
{
"criteria": "cpe:2.3:a:gnu:classpath:0.8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "22290A7B-CD78-48EF-A180-3C470DE74587"
},
{
"criteria": "cpe:2.3:a:gnu:classpath:0.9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D8F79579-AFB2-4DDA-A37C-CF0540770C35"
},
{
"criteria": "cpe:2.3:a:gnu:classpath:0.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "34F6C9C7-0CEE-4BBB-9E77-B8727342C7EC"
},
{
"criteria": "cpe:2.3:a:gnu:classpath:0.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C621A667-FA3A-4460-9409-827FB707D86F"
},
{
"criteria": "cpe:2.3:a:gnu:classpath:0.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FBAC1BF2-C7AE-4BB4-86FA-CFC0F8125F49"
},
{
"criteria": "cpe:2.3:a:gnu:classpath:0.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E17B6783-C80E-4600-B449-4ACA3F2D1AD6"
},
{
"criteria": "cpe:2.3:a:gnu:classpath:0.14:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CDF9A1B0-80CF-4690-9142-F8CC1672DBDF"
},
{
"criteria": "cpe:2.3:a:gnu:classpath:0.15:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0F9C041D-9CCB-4B70-8C34-553DA84F9298"
},
{
"criteria": "cpe:2.3:a:gnu:classpath:0.16:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "83CB8D0F-DA54-4126-81F2-CA7818129DAA"
},
{
"criteria": "cpe:2.3:a:gnu:classpath:0.17:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EBA61C96-281A-455D-B065-704825B76A70"
},
{
"criteria": "cpe:2.3:a:gnu:classpath:0.18:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D4556AEA-F27E-4E5B-91F2-685A1DC925D0"
},
{
"criteria": "cpe:2.3:a:gnu:classpath:0.19:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "73FFB9ED-4541-4211-A7AF-89EB4BF2A59B"
},
{
"criteria": "cpe:2.3:a:gnu:classpath:0.20:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "89BBB5A7-5859-4DF0-9A36-6C8450BD222B"
},
{
"criteria": "cpe:2.3:a:gnu:classpath:0.90:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "075463D4-5243-48C6-83AC-15861484719B"
},
{
"criteria": "cpe:2.3:a:gnu:classpath:0.91:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0561E70B-32A7-437C-803C-3A86A1C16D7C"
},
{
"criteria": "cpe:2.3:a:gnu:classpath:0.92:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "526F80F6-F252-4706-B8AE-206DF74C5D09"
},
{
"criteria": "cpe:2.3:a:gnu:classpath:0.93:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4B933028-5D62-4120-A30F-4F88246915D3"
},
{
"criteria": "cpe:2.3:a:gnu:classpath:0.95:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "34024488-0741-429A-BCC6-0A7C1C7E7C8E"
},
{
"criteria": "cpe:2.3:a:gnu:classpath:0.96:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2E223B28-1380-4D91-A3C2-B6093C6E4F8A"
},
{
"criteria": "cpe:2.3:a:gnu:classpath:0.96.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "178581EE-168B-42DC-9A13-E181BFDE4AB9"
},
{
"criteria": "cpe:2.3:a:gnu:classpath:0.97:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "037C8E1E-EA1A-435A-B463-60B725B51F5D"
},
{
"criteria": "cpe:2.3:a:gnu:classpath:0.97.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "282BE66F-A823-4A48-B028-014C8BFE9C20"
}
],
"operator": "OR"
}
]
}
]