Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Timing attack allows extraction of signing key in Bits Service
Vulnerability Description
Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the the Bits Service storage.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Cloud Foundry Bits Service 信息泄露漏洞
Vulnerability Description
Cloud Foundry Bits Service是美国Cloud Foundry基金会的一款能够将“位操作”封装到可单独扩展的服务中的程序。 Cloud Foundry Bits Service 2.18.0之前版本中存在信息泄露漏洞。远程攻击者可通过实施时序攻击利用该漏洞暴力破解签名密钥,对Bits Service存储进行读取和写入。
CVSS Information
N/A
Vulnerability Type
N/A