---

CVE-2017-10135 - log back

CVE-2017-10135 created at 25 Sep 2019 19:31:40
Severity	+ Low
Remote	+ Remote
Type	+ Private key recovery
Description	+ A covert timing channel flaw was found in the PKCS#8 implementation in the JCE component of OpenJDK. A remote attacker able to make a Java application repeatedly compare PKCS#8 key against an attacker controlled value could possibly use this flaw to determine the key via a timing side channel.
References	+ http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/079cd6c5de27
Notes