Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

3 vulnerabilities found for classpath by gnu

CVE-2008-5659 (GCVE-0-2008-5659)

Vulnerability from nvd – Published: 2008-12-17 20:00 – Updated: 2024-08-07 11:04
VLAI?
Summary
The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2008-12-05 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:04:43.494Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "classpath-gnujavasecurityutil-weak-security(47574)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47574"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417"
          },
          {
            "name": "[oss-security] 20081206 CVE request: weak PRNG in GNU Classpath",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/12/06/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "classpath-gnujavasecurityutil-weak-security(47574)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47574"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417"
        },
        {
          "name": "[oss-security] 20081206 CVE request: weak PRNG in GNU Classpath",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/12/06/2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5659",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "classpath-gnujavasecurityutil-weak-security(47574)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47574"
            },
            {
              "name": "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417",
              "refsource": "CONFIRM",
              "url": "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417"
            },
            {
              "name": "[oss-security] 20081206 CVE request: weak PRNG in GNU Classpath",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/12/06/2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5659",
    "datePublished": "2008-12-17T20:00:00.000Z",
    "dateReserved": "2008-12-17T00:00:00.000Z",
    "dateUpdated": "2024-08-07T11:04:43.494Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

FKIE_CVE-2008-5659

Vulnerability from fkie_nvd - Published: 2008-12-17 20:30 - Updated: 2026-04-23 00:35
Severity ?
Summary
The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys.
References
cve@mitre.orghttp://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2008/12/06/2
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/47574
af854a3a-2127-422b-91ae-364da2661108http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2008/12/06/2
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/47574
Impacted products
Vendor Product Version
gnu classpath *
gnu classpath 0.6
gnu classpath 0.7
gnu classpath 0.8
gnu classpath 0.9
gnu classpath 0.10
gnu classpath 0.11
gnu classpath 0.12
gnu classpath 0.13
gnu classpath 0.14
gnu classpath 0.15
gnu classpath 0.16
gnu classpath 0.17
gnu classpath 0.18
gnu classpath 0.19
gnu classpath 0.20
gnu classpath 0.90
gnu classpath 0.91
gnu classpath 0.92
gnu classpath 0.93
gnu classpath 0.95
gnu classpath 0.96
gnu classpath 0.96.1
gnu classpath 0.97
gnu classpath 0.97.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:classpath:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A0CF267-C19F-4B32-A4E4-D515D3D7725B",
              "versionEndIncluding": "0.97.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:classpath:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "73D8EFC5-F994-475D-9072-A0EB5EE93223",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:classpath:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACEF6059-1270-45A8-A5F3-BC806ACA3DA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:classpath:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "22290A7B-CD78-48EF-A180-3C470DE74587",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:classpath:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8F79579-AFB2-4DDA-A37C-CF0540770C35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:classpath:0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "34F6C9C7-0CEE-4BBB-9E77-B8727342C7EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:classpath:0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "C621A667-FA3A-4460-9409-827FB707D86F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:classpath:0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBAC1BF2-C7AE-4BB4-86FA-CFC0F8125F49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:classpath:0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "E17B6783-C80E-4600-B449-4ACA3F2D1AD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:classpath:0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDF9A1B0-80CF-4690-9142-F8CC1672DBDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:classpath:0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F9C041D-9CCB-4B70-8C34-553DA84F9298",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:classpath:0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "83CB8D0F-DA54-4126-81F2-CA7818129DAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:classpath:0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBA61C96-281A-455D-B065-704825B76A70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:classpath:0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4556AEA-F27E-4E5B-91F2-685A1DC925D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:classpath:0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "73FFB9ED-4541-4211-A7AF-89EB4BF2A59B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:classpath:0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "89BBB5A7-5859-4DF0-9A36-6C8450BD222B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:classpath:0.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "075463D4-5243-48C6-83AC-15861484719B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:classpath:0.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "0561E70B-32A7-437C-803C-3A86A1C16D7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:classpath:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "526F80F6-F252-4706-B8AE-206DF74C5D09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:classpath:0.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B933028-5D62-4120-A30F-4F88246915D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:classpath:0.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "34024488-0741-429A-BCC6-0A7C1C7E7C8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:classpath:0.96:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E223B28-1380-4D91-A3C2-B6093C6E4F8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:classpath:0.96.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "178581EE-168B-42DC-9A13-E181BFDE4AB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:classpath:0.97:*:*:*:*:*:*:*",
              "matchCriteriaId": "037C8E1E-EA1A-435A-B463-60B725B51F5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:classpath:0.97.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "282BE66F-A823-4A48-B028-014C8BFE9C20",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys."
    },
    {
      "lang": "es",
      "value": "La clase gnu.java.security.util.PRNG en GNU Classpath 0.97.2 y versiones anteriores usa una semilla predecible basada en la hora del sistema, la cual hace m\u00e1s f\u00e1cil para atacantes dependientes de contexto, guiar un ataque de fuerza bruta contra rutinas criptogr\u00e1ficas que usa esta clase para la aletoriedad, como se demuestra contra claves privadas DSA."
    }
  ],
  "id": "CVE-2008-5659",
  "lastModified": "2026-04-23T00:35:47.467",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-12-17T20:30:01.030",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2008/12/06/2"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47574"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2008/12/06/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47574"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2008-5659 (GCVE-0-2008-5659)

Vulnerability from cvelistv5 – Published: 2008-12-17 20:00 – Updated: 2024-08-07 11:04
VLAI?
Summary
The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Date Public ?
2008-12-05 00:00
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T11:04:43.494Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "classpath-gnujavasecurityutil-weak-security(47574)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47574"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417"
          },
          {
            "name": "[oss-security] 20081206 CVE request: weak PRNG in GNU Classpath",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2008/12/06/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-12-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "classpath-gnujavasecurityutil-weak-security(47574)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47574"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417"
        },
        {
          "name": "[oss-security] 20081206 CVE request: weak PRNG in GNU Classpath",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2008/12/06/2"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-5659",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "classpath-gnujavasecurityutil-weak-security(47574)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47574"
            },
            {
              "name": "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417",
              "refsource": "CONFIRM",
              "url": "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417"
            },
            {
              "name": "[oss-security] 20081206 CVE request: weak PRNG in GNU Classpath",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2008/12/06/2"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-5659",
    "datePublished": "2008-12-17T20:00:00.000Z",
    "dateReserved": "2008-12-17T00:00:00.000Z",
    "dateUpdated": "2024-08-07T11:04:43.494Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}