Oracle Corporation Information for VU#144389
TLS implementations may disclose side channel information via discrepencies between valid and invalid PKCS#1 padding
- Vendor Information Help Date Notified: 15 Nov 2017
- Statement Date: 15 Dec 2017
- Date Updated: 18 Dec 2017
Unknown. If you are the vendor named above, please contact us to update your status.
No statement is currently available from the vendor regarding this vulnerability.
According to the reporter, Java/JSSE were previously known vulnerable in 2012 and assigned CVE-2012-5081. We do not currently have any verification that CVE-2012-5081 was a Bleichenbacher-style vulnerability, but the vulnerability was resolved in 2012 in any case. Please ensure you are using the release of any products since 2012.
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.