Oracle Corporation Information for VU#144389

TLS implementations may disclose side channel information via discrepencies between valid and invalid PKCS#1 padding

Status

Unknown. If you are the vendor named above, please contact us to update your status.

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

According to the reporter, Java/JSSE were previously known vulnerable in 2012 and assigned CVE-2012-5081. We do not currently have any verification that CVE-2012-5081 was a Bleichenbacher-style vulnerability, but the vulnerability was resolved in 2012 in any case. Please ensure you are using the release of any products since 2012.

Vendor References

https://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.