cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.01 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.02 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.03 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.04 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.05 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.06 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.07 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.08 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.09 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.10 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.11 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.12 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.13 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.14 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.15 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.16 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.17 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.18 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.19 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.20 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.21 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.22 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.23 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.24 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.25 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.26 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.27 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.28 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.29 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.30 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.31 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.32 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.33 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.34 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.35 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.36 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.37 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.38 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.39 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.40 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.41 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.42 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.43 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.44 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.45 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.46 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.47 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.48 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.49 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.50 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.51 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.52 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.53 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.54 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.55 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.56 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.57 cpe:/a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.58 CVE-2017-13098 2017-12-12T20:29:00.280-05:00 2019-10-09T19:23:24.483-04:00 4.3 NETWORK MEDIUM NONE PARTIAL NONE NONE http://nvd.nist.gov BID 102195 DEBIAN DSA-4072 CERT-VN VU#144389 CONFIRM https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c MISC https://robotattack.org/ CONFIRM https://security.netapp.com/advisory/ntap-20171222-0001/ BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as "ROBOT."