Vulnerability Details : CVE-2008-5659
The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys.
Products affected by CVE-2008-5659
- cpe:2.3:a:gnu:classpath:*:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:classpath:0.96.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:classpath:0.95:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:classpath:0.93:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:classpath:0.17:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:classpath:0.16:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:classpath:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:classpath:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:classpath:0.92:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:classpath:0.91:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:classpath:0.97.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:classpath:0.90:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:classpath:0.20:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:classpath:0.13:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:classpath:0.12:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:classpath:0.15:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:classpath:0.14:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:classpath:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:classpath:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:classpath:0.97:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:classpath:0.96:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:classpath:0.19:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:classpath:0.18:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:classpath:0.11:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:classpath:0.10:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-5659
0.30%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 70 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-5659
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2008-5659
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-5659
Jump to