CVE-2017-10115 - log back

CVE-2017-10115 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Private key recovery
Description
+ A covert timing channel flaw was found in the DSA implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application generate DSA signatures on demand could possibly use this flaw to extract certain information about the used key via a timing side channel.
References
+ http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/3c8ea47635b6
Notes