CVE-2016-8212 in RSA BSAFE Crypto-Jinfo

Summary

An issue was discovered in EMC RSA BSAFE Crypto-J versions prior to 6.2.2. There is an Improper OCSP Validation Vulnerability. OCSP responses have two time values: thisUpdate and nextUpdate. These specify a validity period; however, both values are optional. Crypto-J treats the lack of a nextUpdate as indicating that the OCSP response is valid indefinitely instead of restricting its validity for a brief period surrounding the thisUpdate time. This vulnerability is similar to the issue described in CVE-2015-4748.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Reservation

09/13/2016

Disclosure

02/03/2017

Moderation

VulDB entry created

Entries

1: VDB-96087

CPE

ready

CWE

CWE-254 (Confirmed)

CVSS

4.8

EPSS

0.01138

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-8212
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-8212
CVE Details	https://www.cvedetails.com/cve/CVE-2016-8212/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!