CVE-2006-5201

4 documents, 4 sources
Severity: 4.0 MEDIUM
EPSS: 4.7% (top 10.60%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 10 | Latest update May 1

Description

Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying

CVSS vector

AV:N/AC:H/C:N/I:P/A:P
Exploitability: 4.9 | Impact: 4.9

Affected Packages (6 packages)

NVD | sun/jsse | 4 versions | +3
NVD | sun/solaris | 10.0, 9.0 | +1
NVD | sun/jdk | 1.5.0
NVD | sun/jre | 33 versions | +32
NVD | sun/sdk | 34 versions | +33

Patches

🔴Vulnerability Details (2)

GHSA | GHSA-6xx2-gv3f-2f93: Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5 | 2022-05-01
CVEList | CVE-2006-5201: Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5 | 2006-10-09

📋Vendor Advisories (1)

Microsoft | CVE-2006-5201: NIST NVD Details: https://nvd | 2020-09-08