QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2006-5201

Back to search

CVE-2006-5201

Published: Oct 9, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and other certificates that use PKCS #1.

VendorProductVersions

n/a

n/a

affected
n/a

References

22992
third-party-advisory
x_refsource_SECUNIA
102657
vendor-advisory
x_refsource_SUNALERT
ADV-2006-3899
vdb-entry
x_refsource_VUPEN
ADV-2006-3960
vdb-entry
x_refsource_VUPEN
ADV-2006-3898
vdb-entry
x_refsource_VUPEN
22325
third-party-advisory
x_refsource_SECUNIA
102648
vendor-advisory
x_refsource_SUNALERT
22204
third-party-advisory
x_refsource_SECUNIA
22226
third-party-advisory
x_refsource_SECUNIA
VU#845620
third-party-advisory
x_refsource_CERT-VN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now