Medium severity5.9NVD Advisory· Published Jun 30, 2017· Updated Jun 17, 2026
CVE-2017-10668
CVE-2017-10668
Description
A Padding Oracle exists in OSCI-Transport 1.2 as used in OSCI Transport Library 1.6.1 (Java) and OSCI Transport Library 1.6 (.NET). Under an MITM condition within the OSCI infrastructure, an attacker needs to send crafted protocol messages to analyse the CBC mode padding in order to decrypt the transport encryption.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:xoev:osci_transport_library:1.6.1:*:*:*:java:*:*:*+ 1 more
- cpe:2.3:a:xoev:osci_transport_library:1.6.1:*:*:*:java:*:*:*
- cpe:2.3:a:xoev:osci_transport_library:1.6:*:*:*:.net:*:*:*
- Range: 1.6.1 (Java) and 1.6 (.NET)
Patches
Vulnerability mechanics
References
2- blog.sec-consult.com/2017/06/german-e-government-details-vulnerabilities.htmlnvdTechnical DescriptionThird Party Advisory
- seclists.org/fulldisclosure/2017/Jun/44nvdMailing ListThird Party Advisory
News mentions
0No linked articles in our index yet.