Vulnerability Details : CVE-2017-13098
Public exploit exists!
BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT."
Products affected by CVE-2017-13098
- cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-13098
76.28%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2017-13098
-
Scanner for Bleichenbacher Oracle in RSA PKCS #1 v1.5
Disclosure Date: 2009-06-17First seen: 2020-04-26auxiliary/scanner/ssl/bleichenbacher_oracleSome TLS implementations handle errors processing RSA key exchanges and encryption (PKCS #1 v1.5 messages) in a broken way that leads an adaptive chosen-chiphertext attack. Attackers cannot recover a server's private key, but they can decrypt and sign messages with i
CVSS scores for CVE-2017-13098
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST | |
|
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
CERT/CC | |
|
5.9
|
MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
2.2
|
3.6
|
NIST |
CWE ids for CVE-2017-13098
-
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor, which exposes security-relevant information about the state of the product, such as whether a particular operation was successful or not.Assigned by:
- cret@cert.org (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2017-13098
-
https://security.netapp.com/advisory/ntap-20171222-0001/
CVE-2017-13098 Bouncy Castle TLS Vulnerability in NetApp Products | NetApp Product SecurityIssue Tracking;Third Party Advisory
-
http://www.securityfocus.com/bid/102195
Bouncy Castle CVE-2017-13098 Information Disclosure VulnerabilityThird Party Advisory;VDB Entry
-
https://www.oracle.com/security-alerts/cpuoct2020.html
Oracle Critical Patch Update Advisory - October 2020
-
http://www.kb.cert.org/vuls/id/144389
VU#144389 - TLS implementations may disclose side channel information via discrepancies between valid and invalid PKCS#1 paddingIssue Tracking;Mitigation;Third Party Advisory;US Government Resource
-
https://robotattack.org/
The ROBOT Attack - Return of Bleichenbacher's Oracle ThreatIssue Tracking;Third Party Advisory
-
https://www.debian.org/security/2017/dsa-4072
Debian -- Security Information -- DSA-4072-1 bouncycastleIssue Tracking;Third Party Advisory
-
https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c
Confirm size of decrypted PMS before using · bcgit/bc-java@a00b684 · GitHubIssue Tracking;Patch;Third Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html
[security-announce] openSUSE-SU-2020:0607-1: moderate: Security update f
Jump to