CVE-2017-10669
MEDIUMOSCI Transport Library 1.6.1 (Java) and 1.6 (.NET) - Signature Wrapping via Duplicate IDs
Title source: llmDescription
Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). An attacker with access to unencrypted OSCI protocol messages must send crafted protocol messages with duplicate IDs.
References (2)
Core 2
Core References
Mailing List, Third Party Advisory x_refsource_misc
http://seclists.org/fulldisclosure/2017/Jun/44
Technical Description, Third Party Advisory
http://blog.sec-consult.com/2017/06/german-e-government-details-vulnerabilities.html
Scores
CVSS v3
6.5
EPSS
0.0049
EPSS Percentile
38.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-347
Status
published
Products (2)
xoev/osci_transport_library
1.6
xoev/osci_transport_library
1.6.1
Published
Jun 30, 2017
Tracked Since
Feb 18, 2026