Vulnerability Details : CVE-2006-5201
Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and other certificates that use PKCS #1.
Products affected by CVE-2006-5201
- cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
- cpe:2.3:o:sun:solaris:9.0:*:*:*:*:sparc:*:*
- cpe:2.3:o:sun:solaris:10.0:*:*:*:*:sparc:*:*
- cpe:2.3:a:sun:staroffice:*:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update6:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:-:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update1:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update3:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update2:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update4:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update5:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update7:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update7_b03:*:*:*:*:*:*
- cpe:2.3:a:sun:jdk:1.5.0:update8:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_6:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_7:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update4:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update5:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_2:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_3:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update1:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_1:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_10:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_8:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_9:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_4:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_5:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update2:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update3:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_12:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2_11:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update6:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:-:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.4.2:-:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update8:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.3.1:-:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.3.1_03:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.3.1_10:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.3.1_12:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.3.1_17:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.3.1_19:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.3.1_05:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.3.1_06:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.3.1_07:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.3.1_08:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.3.1_13:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.3.1_14:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.3.1_15:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.3.1_16:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.5.0:update7:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.3.1_2:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.3.1_04:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.3.1_09:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.3.1_11:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jre:1.3.1_18:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.3.1_01:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.3.1_01a:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_9:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_3:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_8:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_1:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_2:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_5:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_6:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_7:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_4:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.3.1_02:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.3.1_07:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.3.1_09:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.3.1_11:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.3.1_16:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.3.1_18:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.3.1_03:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.3.1_04:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.3.1_05:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.3.1_06:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_10:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_11:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.4.2_12:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.3.1_12:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.3.1_13:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.3.1_14:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.3.1_15:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.3.1_08:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.3.1_10:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.3.1_17:*:*:*:*:*:*:*
- cpe:2.3:a:sun:sdk:1.3.1_19:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jsse:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jsse:1.0.3_02:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jsse:1.0.3_01:*:*:*:*:*:*:*
- cpe:2.3:a:sun:jsse:1.0.3_03:*:*:*:*:*:*:*
- cpe:2.3:a:sun:secure_global_desktop:*:*:*:*:*:*:*:*
- cpe:2.3:a:sun:nss:*:*:*:*:*:*:*:*
Threat overview for CVE-2006-5201
Top countries where our scanners detected CVE-2006-5201
Top open port discovered on systems with this issue
554
IPs affected by CVE-2006-5201 2
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2006-5201!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2006-5201
3.82%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 88 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2006-5201
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:H/Au:N/C:N/I:P/A:P |
4.9
|
4.9
|
NIST |
References for CVE-2006-5201
-
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1
Broken Link
-
http://secunia.com/advisories/22992
About Secunia Research | FlexeraThird Party Advisory
-
http://www.kb.cert.org/vuls/id/845620
VU#845620 - Multiple RSA implementations fail to properly handle signaturesThird Party Advisory;US Government Resource
-
http://www.vupen.com/english/advisories/2006/3960
Site en constructionPermissions Required
-
http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm
ASA-2006-250 (SUN 102606, 102636, 102640, 102648, 102651, 102652, 102655, 102657)Third Party Advisory
-
http://secunia.com/advisories/22325
About Secunia Research | FlexeraThird Party Advisory
-
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1
Broken Link
-
http://secunia.com/advisories/22226
About Secunia Research | FlexeraThird Party Advisory
-
http://www.vupen.com/english/advisories/2006/3899
Site en constructionPermissions Required
-
http://secunia.com/advisories/22204
About Secunia Research | FlexeraPatch;Third Party Advisory
-
http://www.vupen.com/english/advisories/2006/3898
Site en constructionPermissions Required
Jump to