ID CVE-2015-7940
Summary The Bouncy Castle Java library before 1.51 does not validate that a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an "invalid curve attack."
References
Vulnerable Configurations
  • openSUSE Leap 42.1
    cpe:2.3:o:opensuse:leap:42.1
  • OpenSUSE 13.1
    cpe:2.3:o:opensuse:opensuse:13.1
  • OpenSUSE 13.2
    cpe:2.3:o:opensuse:opensuse:13.2
  • Bouncy Castle Crypto Package 1.50
    cpe:2.3:a:bouncycastle:bouncy_castle_crypto_package:1.50
  • Oracle Application Testing Suite 12.5.0.1
    cpe:2.3:a:oracle:application_testing_suite:12.5.0.1
  • Oracle Application Testing Suite 12.5.0.2
    cpe:2.3:a:oracle:application_testing_suite:12.5.0.2
  • Oracle Application Testing Suite 12.5.0.3
    cpe:2.3:a:oracle:application_testing_suite:12.5.0.3
  • Oracle Enterprise Manager Ops Center 12.1.4
    cpe:2.3:a:oracle:enterprise_manager_ops_center:12.1.4
  • Oracle Enterprise Manager Ops Center 12.2.2
    cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2
  • Oracle PeopleSoft Enterprise PeopleTools 8.54
    cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.54
  • Oracle PeopleSoft Enterprise PeopleTools 8.55
    cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55
  • Oracle Virtual Desktop Infrastructure 3.5.2
    cpe:2.3:a:oracle:virtual_desktop_infrastructure:3.5.2
CVSS
Base: 5.0 (as of 15-11-2016 - 14:04)
Impact:
Exploitability:
CWE CWE-200
CAPEC
  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a program's vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, in what the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible while the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of JavaScript to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser, including its version, to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero-day weaknesses in the type and version of the browser used by the victim. Automating this process via JavaScript as part of the same delivery system used to exploit the browser is considered more efficient, as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in JavaScript and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session IDs in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
  • Reusing Session IDs (aka Session Replay)
    This attack targets the reuse of a valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID that was used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
  • Using Slashes in Alternate Encoding
    This attack targets the encoding of the slash character. An attacker would try to exploit common filtering problems related to the use of slash characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) chose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The result is that many MS-based systems are required to understand both forms of the slash. This gives the attacker many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: NONE
  Availability: NONE
nessus via4
  • NASL family Web Servers
    NASL id ORACLE_HTTP_SERVER_CPU_JAN_2018.NASL
    description The version of Oracle HTTP Server installed on the remote host is affected by multiple vulnerabilities as noted in the January 2018 CPU advisory.
    last seen 2019-02-21
    modified 2019-01-25
    plugin id 106299
    published 2018-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106299
    title Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (January 2018 CPU)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-361.NASL
    description The Bouncy Castle Java library before 1.51 does not validate that a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an 'invalid curve attack.' For Debian 6 'Squeeze', this issue has been fixed in version 1.44+dfsg-2+deb6u1 of bouncycastle. Many thanks to upstream author Peter Dettmann who reviewed the backport that we prepared. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 87266
    published 2015-12-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87266
    title Debian DLA-361-1 : bouncycastle security update
  • NASL family Misc.
    NASL id ORACLE_ENTERPRISE_MANAGER_JUL_2017_CPU.NASL
    description The version of Oracle Enterprise Manager Grid Control installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities : - A flaw exists in the Bouncy Castle Java library due to improper validation of a point within the elliptic curve. An unauthenticated, remote attacker can exploit this to obtain private keys by using a series of specially crafted elliptic curve Diffie-Hellman (ECDH) key exchanges, also known as an 'invalid curve attack.' (CVE-2015-7940) - A flaw exists in the PathTools module for Perl in the File::Spec::canonpath() function that is triggered as strings are returned as untainted even when passing tainted input. An unauthenticated, remote attacker can exploit this to pass unvalidated user input to sensitive or insecure areas. (CVE-2015-8607) - An overflow condition exists in Perl in the MapPathA() function due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this to cause a denial of service condition or the execution of arbitrary code. (CVE-2015-8608) - A remote code execution vulnerability exists in the Apache Struts component due to improper handling of multithreaded access to an ActionForm instance. An unauthenticated, remote attacker can exploit this, via a specially crafted multipart request, to execute arbitrary code or cause a denial of service condition. (CVE-2016-1181) - A flaw exists in Perl that is triggered during the handling of variables that appear twice in the environment (envp), causing the last value to appear in %ENV, while getenv would return the first. An unauthenticated, remote attacker can exploit this to cause variables to be incorrectly propagated to subprocesses, regardless of the protections offered by taint checking. (CVE-2016-2381) - A denial of service vulnerability exists in the Apache Commons FileUpload component due to improper handling of boundaries in content-type headers when handling file upload requests. An unauthenticated, remote attacker can exploit this to cause processes linked against the library to become unresponsive. (CVE-2016-3092) - A man-in-the-middle vulnerability exists in various components, known as 'httpoxy', due to a failure to properly resolve namespace conflicts in accordance with RFC 3875 section 4.1.18. The HTTP_PROXY environment variable is set based on untrusted user data in the 'Proxy' header of HTTP requests. The HTTP_PROXY environment variable is used by some web client libraries to specify a remote proxy server. An unauthenticated, remote attacker can exploit this, via a crafted 'Proxy' header in an HTTP request, to redirect an application's internal HTTP traffic to an arbitrary proxy server where it may be observed or manipulated. (CVE-2016-5385, CVE-2016-5386, CVE-2016-5387, CVE-2016-5388) - A carry propagating error exists in the OpenSSL component in the x86_64 Montgomery squaring implementation that may cause the BN_mod_exp() function to produce incorrect results. An unauthenticated, remote attacker with sufficient resources can exploit this to obtain sensitive information regarding private keys. Moreover, the attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example, this can occur by default in OpenSSL DHE based SSL/TLS cipher suites. (CVE-2017-3732) - An unspecified flaw exists in the UI Framework component that allows an authenticated, remote attacker to have an impact on integrity. (CVE-2017-10091)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 101837
    published 2017-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=101837
    title Oracle Enterprise Manager Grid Control Multiple Vulnerabilities (July 2017 CPU) (httpoxy)
  • NASL family Web Servers
    NASL id SUN_JAVA_WEB_SERVER_7_0_27.NASL
    description According to its self-reported version, the Oracle iPlanet Web Server (formerly known as Sun Java System Web Server) running on the remote host is 7.0.x prior to 7.0.27 Patch 26834070. It is, therefore, affected by an unspecified vulnerability in the Network Security Services (NSS) library with unknown impact.
    last seen 2019-02-21
    modified 2018-08-03
    plugin id 106349
    published 2018-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106349
    title Oracle iPlanet Web Server 7.0.x < 7.0.27 NSS Unspecified Vulnerability (January 2018 CPU)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3417.NASL
    description Tibor Jager, Jörg Schwenk, and Juraj Somorovsky, from the Horst Görtz Institute for IT Security, published a paper at ESORICS 2015 in which they describe an invalid curve attack on Bouncy Castle Crypto, a Java library for cryptography. An attacker is able to recover private Elliptic Curve keys from different applications, for example, TLS servers. More information: http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html Practical Invalid Curve Attacks on TLS-ECDH: http://euklid.org/pdf/ECC_Invalid_Curve.pdf
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 87359
    published 2015-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=87359
    title Debian DSA-3417-1 : bouncycastle - security update
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2015-7D95466EDA.NASL
    description Security fix for CVE-2015-7940 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-03-04
    plugin id 89298
    published 2016-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89298
    title Fedora 22 : bouncycastle-1.50-8.fc22 (2015-7d95466eda)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3727-1.NASL
    description It was discovered that Bouncy Castle incorrectly handled certain crypto algorithms. A remote attacker could possibly use these issues to obtain sensitive information, including private keys. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 111512
    published 2018-08-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111512
    title Ubuntu 14.04 LTS : bouncycastle vulnerabilities (USN-3727-1)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_142824-29.NASL
    description Indexing and Search Service 1u5-29.15600: core patch. Date this patch was last updated by Sun : Jan/07/17
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107538
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107538
    title Solaris 10 (sparc) : 142824-29
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-705.NASL
    description bouncycastle was updated to version 1.53 to fix one security issue. This security issue was fixed : - CVE-2015-7940: Invalid curve attack (bsc#951727).
    last seen 2018-09-01
    modified 2015-11-20
    plugin id 86740
    published 2015-11-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86740
    title openSUSE Security Update : bouncycastle (openSUSE-2015-705)
  • NASL family Misc.
    NASL id ORACLE_ENTERPRISE_MANAGER_JAN_2017_CPU.NASL
    description The version of Oracle Enterprise Manager Cloud Control installed on the remote host is affected by multiple vulnerabilities in the Enterprise Manager Base Platform component : - A flaw exists in the Bouncy Castle Java library due to improper validation of a point within the elliptic curve. An unauthenticated, remote attacker can exploit this to obtain private keys by using a series of specially crafted elliptic curve Diffie-Hellman (ECDH) key exchanges, also known as an 'invalid curve attack.' (CVE-2015-7940) - A flaw exists in Apache MyFaces Trinidad, specifically in the CoreResponseStateManager component, due to the ObjectInputStream and ObjectOutputStream strings being used directly without securely deserializing Java input. An unauthenticated, remote attacker can exploit this, via a deserialization attack using a crafted serialized view state string, to have an unspecified impact that may include the execution of arbitrary code. (CVE-2016-5019) Note that the product was formerly known as Enterprise Manager Grid Control.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 96777
    published 2017-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=96777
    title Oracle Enterprise Manager Cloud Control Multiple Vulnerabilities (January 2017 CPU)
  • NASL family Misc.
    NASL id ORACLE_JDEVELOPER_CPU_JUL_2018.NASL
    description The version of Oracle JDeveloper installed on the remote host is missing a security patch. Please see the vendor advisory for additional information.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 111332
    published 2018-07-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111332
    title Oracle JDeveloper Information Disclosure Vulnerability (July 2018 CPU)
redhat via4
advisories
  • rhsa
    id RHSA-2016:2035
  • rhsa
    id RHSA-2016:2036
refmap via4
bid 79091
confirm
debian DSA-3417
fedora FEDORA-2015-7d95466eda
misc http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html
mlist
  • [oss-security] 20151022 CVE Request: invalid curve attack on bouncycastle
  • [oss-security] 20151022 Re: CVE Request: invalid curve attack on bouncycastle
sectrack
  • 1037036
  • 1037046
  • 1037053
suse openSUSE-SU-2015:1911
ubuntu USN-3727-1
Last major update 07-12-2016 - 13:25
Published 09-11-2015 - 11:59
Last modified 16-01-2019 - 14:29