---

CVE-2017-10176 - log back

CVE-2017-10176 created at 25 Sep 2019 19:31:40
Severity	+ Medium
Remote	+ Remote
Type	+ Private key recovery
Description	+ It was discovered that the Elliptic Curve (EC) cryptography implementation in the Security component of OpenJDK did not perform computations for certain points correctly. An attacker able to interact with a Java application using EC cryptography could possibly use this flaw to obtain information about the used key.
References	+ http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/d99101781d7e
Notes