{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T13:15:57.446","vulnerabilities":[{"cve":{"id":"CVE-2017-13098","sourceIdentifier":"cret@cert.org","published":"2017-12-13T01:29:00.280","lastModified":"2025-05-12T17:37:16.527","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"BouncyCastle TLS prior to version 1.0.3, when configured to use the JCE (Java Cryptography Extension) for cryptographic functions, provides a weak Bleichenbacher oracle when any TLS cipher suite using RSA key exchange is negotiated. An attacker can recover the private key from a vulnerable application. This vulnerability is referred to as \"ROBOT.\""},{"lang":"es","value":"BouncyCastle TLS, en versiones anteriores a la 1.0.3 cuando está configurado para utilizar la JCE (Java Cryptography Extension) para funciones criptográficas, proporciona un oráculo de Bleichenbacher débil cuando se negocia una suite de cifrado TLS que utiliza un intercambio de claves RSA. Un atacante puede recuperar la clave privada desde una aplicación vulnerable. Esta vulnerabilidad es conocida como \"ROBOT\"."}],"metrics":{"cvssMetricV30":[{"source":"cret@cert.org","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","baseScore":5.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.2,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cret@cert.org","type":"Secondary","description":[{"lang":"en","value":"CWE-203"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-203"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*","versionEndExcluding":"1.59","matchCriteriaId":"F597AE42-F2B3-4039-81DA-C881EA1D43EF"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html","source":"cret@cert.org"},{"url":"http://www.kb.cert.org/vuls/id/144389","source":"cret@cert.org","tags":["Issue Tracking","Mitigation","Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/102195","source":"cret@cert.org","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c","source":"cret@cert.org","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://robotattack.org/","source":"cret@cert.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20171222-0001/","source":"cret@cert.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://www.debian.org/security/2017/dsa-4072","source":"cret@cert.org","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2020.html","source":"cret@cert.org"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.kb.cert.org/vuls/id/144389","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Mitigation","Third Party Advisory","US Government Resource"]},{"url":"http://www.securityfocus.com/bid/102195","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Patch","Third Party Advisory"]},{"url":"https://robotattack.org/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20171222-0001/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://www.debian.org/security/2017/dsa-4072","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuoct2020.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}