---

CVE-2017-10115 - log back

CVE-2017-10115 created at 25 Sep 2019 19:31:40
Severity	+ Medium
Remote	+ Remote
Type	+ Private key recovery
Description	+ A covert timing channel flaw was found in the DSA implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application generate DSA signatures on demand could possibly use this flaw to extract certain information about the used key via a timing side channel.
References	+ http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/3c8ea47635b6
Notes