CVE-2018-15800
Timing attack allows extraction of signing key in Bits Service
Cloud Foundry Bits Service, versions prior to 2.18.0, includes an information disclosure vulnerability. A remote malicious user may execute a timing attack to brute-force the signing key, allowing them complete read and write access to the the Bits Service storage.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Productos afectados
Cloud Foundry · Bits Service Release¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →