Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and other certificates that use PKCS #1.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Sun Solaris 多个软件包签名伪造漏洞
Vulnerability Description
Sun Solaris平台上的多个软件包,其中包括(1)NSS;(2)Java JDK和JRE 5.0 Update 8以及之前的版本,SDK和JRE 1.4.x至1.4.2_12,以及SDK和JRE 1.3.x至1.3.1_19;(3)JSSE 1.0.3_03和之前的版本;(4)IPSec/IKE;(5)Secure Global Desktop以及(6)StarOffice,在使用带有指数3的RSA密钥的情况下,在生成散列之前删除PKCS-1填补资料,远程攻击者可以伪造由RSA密钥签署的PKCS #
CVSS Information
N/A
Vulnerability Type
N/A