CVE-2014-0878 - The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK J

CVE-2014-0878

Summary

The IBMSecureRandom component in the IBMJCE and IBMSecureRandom cryptographic providers in IBM SDK Java Technology Edition 5.0 before Service Refresh 16 FP6, 6 before Service Refresh 16, 6.0.1 before Service Refresh 8, 7 before Service Refresh 7, and 7R1 before Service Refresh 1 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms by predicting the random number generator's output.

References

Vulnerable Configurations

cpe:2.3:a:ibm:java_sdk:6.0.0.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.0.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.1.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.1.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.2.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.2.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.3.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.3.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.4.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.4.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.5.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.5.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.6.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.6.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.7.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.7.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.8.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.8.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.8.1:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.8.1:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.9.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.9.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.9.1:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.9.1:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.9.2:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.9.2:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.10.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.10.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.10.1:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.10.1:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.11.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.11.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.12.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.12.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.13.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.13.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.13.1:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.13.1:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.13.2:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.13.2:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.14.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.14.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.15.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.15.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.15.1:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:6.0.15.1:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.0.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.0.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.11.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.11.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.11.1:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.11.1:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.11.2:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.11.2:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.12.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.12.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.12.1:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.12.1:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.12.2:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.12.2:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.12.3:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.12.3:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.12.4:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.12.4:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.12.5:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.12.5:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.13.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.13.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.14.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.14.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.15.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.15.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.16.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.16.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.16.1:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.16.1:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.16.2:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.16.2:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.16.3:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.16.3:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.16.4:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.16.4:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.16.5:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:5.0.16.5:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:7.0.0.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:7.0.0.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:7.0.1.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:7.0.1.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:7.0.2.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:7.0.2.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:7.0.3.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:7.0.3.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:7.0.4.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:7.0.4.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:7.0.4.1:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:7.0.4.1:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:7.0.4.2:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:7.0.4.2:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:7.0.5.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:7.0.5.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:7.0.6.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:7.0.6.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:7.0.6.1:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:7.0.6.1:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:7.1.0.0:*:*:*:technology:*:*:*
cpe:2.3:a:ibm:java_sdk:7.1.0.0:*:*:*:technology:*:*:*

CVSS

Base:	5.8 (as of 29-08-2017 - 01:34)
Impact:
Exploitability:

CWE

CWE-310

CAPEC

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:N

redhat via4

rpms

java-1.7.0-ibm-1:1.7.0.7.0-1jpp.1.el5_10
java-1.7.0-ibm-1:1.7.0.7.0-1jpp.1.el6_5
java-1.7.0-ibm-demo-1:1.7.0.7.0-1jpp.1.el5_10
java-1.7.0-ibm-demo-1:1.7.0.7.0-1jpp.1.el6_5
java-1.7.0-ibm-devel-1:1.7.0.7.0-1jpp.1.el5_10
java-1.7.0-ibm-devel-1:1.7.0.7.0-1jpp.1.el6_5
java-1.7.0-ibm-jdbc-1:1.7.0.7.0-1jpp.1.el5_10
java-1.7.0-ibm-jdbc-1:1.7.0.7.0-1jpp.1.el6_5
java-1.7.0-ibm-plugin-1:1.7.0.7.0-1jpp.1.el5_10
java-1.7.0-ibm-plugin-1:1.7.0.7.0-1jpp.1.el6_5
java-1.7.0-ibm-src-1:1.7.0.7.0-1jpp.1.el5_10
java-1.7.0-ibm-src-1:1.7.0.7.0-1jpp.1.el6_5
java-1.6.0-ibm-1:1.6.0.16.0-1jpp.1.el5_10
java-1.6.0-ibm-1:1.6.0.16.0-1jpp.1.el6_5
java-1.6.0-ibm-accessibility-1:1.6.0.16.0-1jpp.1.el5_10
java-1.6.0-ibm-demo-1:1.6.0.16.0-1jpp.1.el5_10
java-1.6.0-ibm-demo-1:1.6.0.16.0-1jpp.1.el6_5
java-1.6.0-ibm-devel-1:1.6.0.16.0-1jpp.1.el5_10
java-1.6.0-ibm-devel-1:1.6.0.16.0-1jpp.1.el6_5
java-1.6.0-ibm-javacomm-1:1.6.0.16.0-1jpp.1.el5_10
java-1.6.0-ibm-javacomm-1:1.6.0.16.0-1jpp.1.el6_5
java-1.6.0-ibm-jdbc-1:1.6.0.16.0-1jpp.1.el5_10
java-1.6.0-ibm-jdbc-1:1.6.0.16.0-1jpp.1.el6_5
java-1.6.0-ibm-plugin-1:1.6.0.16.0-1jpp.1.el5_10
java-1.6.0-ibm-plugin-1:1.6.0.16.0-1jpp.1.el6_5
java-1.6.0-ibm-src-1:1.6.0.16.0-1jpp.1.el5_10
java-1.6.0-ibm-src-1:1.6.0.16.0-1jpp.1.el6_5
java-1.5.0-ibm-1:1.5.0.16.6-1jpp.1.el5_10
java-1.5.0-ibm-1:1.5.0.16.6-1jpp.1.el6_5
java-1.5.0-ibm-accessibility-1:1.5.0.16.6-1jpp.1.el5_10
java-1.5.0-ibm-demo-1:1.5.0.16.6-1jpp.1.el5_10
java-1.5.0-ibm-demo-1:1.5.0.16.6-1jpp.1.el6_5
java-1.5.0-ibm-devel-1:1.5.0.16.6-1jpp.1.el5_10
java-1.5.0-ibm-devel-1:1.5.0.16.6-1jpp.1.el6_5
java-1.5.0-ibm-javacomm-1:1.5.0.16.6-1jpp.1.el5_10
java-1.5.0-ibm-javacomm-1:1.5.0.16.6-1jpp.1.el6_5
java-1.5.0-ibm-jdbc-1:1.5.0.16.6-1jpp.1.el5_10
java-1.5.0-ibm-jdbc-1:1.5.0.16.6-1jpp.1.el6_5
java-1.5.0-ibm-plugin-1:1.5.0.16.6-1jpp.1.el5_10
java-1.5.0-ibm-plugin-1:1.5.0.16.6-1jpp.1.el6_5
java-1.5.0-ibm-src-1:1.5.0.16.6-1jpp.1.el5_10
java-1.5.0-ibm-src-1:1.5.0.16.6-1jpp.1.el6_5
java-1.7.1-ibm-1:1.7.1.1.0-1jpp.2.el7_0
java-1.7.1-ibm-demo-1:1.7.1.1.0-1jpp.2.el7_0
java-1.7.1-ibm-devel-1:1.7.1.1.0-1jpp.2.el7_0
java-1.7.1-ibm-jdbc-1:1.7.1.1.0-1jpp.2.el7_0
java-1.7.1-ibm-plugin-1:1.7.1.1.0-1jpp.2.el7_0
java-1.7.1-ibm-src-1:1.7.1.1.0-1jpp.2.el7_0
java-1.6.0-ibm-1:1.6.0.16.0-1jpp.1.el5
java-1.6.0-ibm-1:1.6.0.16.0-1jpp.1.el6
java-1.6.0-ibm-devel-1:1.6.0.16.0-1jpp.1.el5
java-1.6.0-ibm-devel-1:1.6.0.16.0-1jpp.1.el6

refmap via4

bid	67601
confirm	http://www-01.ibm.com/support/docview.wss?uid=swg21672043 http://www-01.ibm.com/support/docview.wss?uid=swg21673836 http://www-01.ibm.com/support/docview.wss?uid=swg21674539 http://www-01.ibm.com/support/docview.wss?uid=swg21676672 http://www-01.ibm.com/support/docview.wss?uid=swg21676703 http://www-01.ibm.com/support/docview.wss?uid=swg21676746 http://www-01.ibm.com/support/docview.wss?uid=swg21679610 http://www-01.ibm.com/support/docview.wss?uid=swg21679713 http://www-01.ibm.com/support/docview.wss?uid=swg21680750 http://www-01.ibm.com/support/docview.wss?uid=swg21681256 http://www-01.ibm.com/support/docview.wss?uid=swg21683484 http://www-01.ibm.com/support/docview.wss?uid=swg21686717 http://www-01.ibm.com/support/docview.wss?uid=swg21689593 http://www.ibm.com/support/docview.wss?uid=swg21675343 http://www.ibm.com/support/docview.wss?uid=swg21675588 http://www.ibm.com/support/docview.wss?uid=swg21677387
secunia	59022 59023 59058 61264
xf	ibm-java-cve20140878-weak-sec(91084)

Last major update

29-08-2017 - 01:34

Published

26-05-2014 - 19:55

Last modified

29-08-2017 - 01:34