---

CVE-2017-10118 - log back

CVE-2017-10118 created at 25 Sep 2019 19:31:40
Severity	+ Medium
Remote	+ Remote
Type	+ Private key recovery
Description	+ A covert timing channel flaw was found in the ECDSA implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application generate ECDSA signatures on demand could possibly use this flaw to extract certain information about the used key via a timing side channel.
References	+ http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/996632997de8
Notes