medium
4
CWE
NVD-CWE-Other
Advisory Published
Updated

CVE-2006-5201

First published: Mon Oct 09 2006(Updated: )

Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and other certificates that use PKCS #1.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
Tarantella Secure Global Desktop
Network Security Services (NSS)
Libstaroffice
Sun SunOS=5.8
Oracle Solaris SPARC=9.0
Oracle Solaris SPARC=10.0
Java Development Kit (JDK)=1.5.0-update3
Java Development Kit (JDK)=1.5.0-update6
Java Development Kit (JDK)=1.5.0-update1
Java Development Kit (JDK)=1.5.0-update4
Java Development Kit (JDK)=1.5.0-update7
Java Development Kit (JDK)=1.5.0-update5
Java Development Kit (JDK)=1.5.0-update7_b03
Java Development Kit (JDK)=1.5.0-update2
Java Development Kit (JDK)=1.5.0-update8
Java Development Kit (JDK)=1.5.0
Sun Java Runtime Environment (JRE)=1.4.2_7
Sun Java Runtime Environment (JRE)=1.3.1_10
Sun Java Runtime Environment (JRE)=1.3.1_06
Sun Java Runtime Environment (JRE)=1.4.2_4
Sun Java Runtime Environment (JRE)=1.4.2_2
Sun Java Runtime Environment (JRE)=1.5.0-update2
Sun Java Runtime Environment (JRE)=1.3.1_2
Sun Java Runtime Environment (JRE)=1.4.2_1
Sun Java Runtime Environment (JRE)=1.4.2_8
Sun Java Runtime Environment (JRE)=1.3.1_16
Sun Java Runtime Environment (JRE)=1.3.1_19
Sun Java Runtime Environment (JRE)=1.5.0-update8
Sun Java Runtime Environment (JRE)=1.3.1_11
Sun Java Runtime Environment (JRE)=1.3.1_17
Sun Java Runtime Environment (JRE)=1.4.2_12
Sun Java Runtime Environment (JRE)=1.3.1_12
Sun Java Runtime Environment (JRE)=1.3.1_03
Sun Java Runtime Environment (JRE)=1.3.1_14
Sun Java Runtime Environment (JRE)=1.3.1_08
Sun Java Runtime Environment (JRE)=1.5.0-update7
Sun Java Runtime Environment (JRE)=1.5.0-update3
Sun Java Runtime Environment (JRE)=1.3.1_07
Sun Java Runtime Environment (JRE)=1.3.1_05
Sun Java Runtime Environment (JRE)=1.4.2_10
Sun Java Runtime Environment (JRE)=1.5.0-update5
Sun Java Runtime Environment (JRE)=1.4.2_9
Sun Java Runtime Environment (JRE)=1.5.0-update6
Sun Java Runtime Environment (JRE)=1.3.1_13
Sun Java Runtime Environment (JRE)=1.3.1_04
Sun Java Runtime Environment (JRE)=1.3.1_09
Sun Java Runtime Environment (JRE)=1.4.2_11
Sun Java Runtime Environment (JRE)=1.5.0-update1
Sun Java Runtime Environment (JRE)=1.3.1_18
Sun Java Runtime Environment (JRE)=1.3.1_15
Sun Java Runtime Environment (JRE)=1.4.2_3
Sun Java Runtime Environment (JRE)=1.5.0-update4
Sun Java Runtime Environment (JRE)=1.4.2_5
Sun Java Runtime Environment (JRE)=1.4.2_6
Sun Java Runtime Environment (JRE)=1.5.0
Sun Java Runtime Environment (JRE)=1.4.2
Sun Java Runtime Environment (JRE)=1.3.1
Java Development Kit (JDK)=1.3.1_03
Java Development Kit (JDK)=1.4.2
Java Development Kit (JDK)=1.3.1_19
Java Development Kit (JDK)=1.3.1
Java Development Kit (JDK)=1.3.1_08
Java Development Kit (JDK)=1.4.2_10
Java Development Kit (JDK)=1.4.2_12
Java Development Kit (JDK)=1.3.1_15
Java Development Kit (JDK)=1.4.2_6
Java Development Kit (JDK)=1.3.1_07
Java Development Kit (JDK)=1.4.2_2
Java Development Kit (JDK)=1.3.1_10
Java Development Kit (JDK)=1.4.2_5
Java Development Kit (JDK)=1.3.1_06
Java Development Kit (JDK)=1.4.2_1
Java Development Kit (JDK)=1.3.1_12
Java Development Kit (JDK)=1.4.2_4
Java Development Kit (JDK)=1.3.1_17
Java Development Kit (JDK)=1.3.1_02
Java Development Kit (JDK)=1.3.1_18
Java Development Kit (JDK)=1.3.1_01
Java Development Kit (JDK)=1.3.1_16
Java Development Kit (JDK)=1.3.1_01a
Java Development Kit (JDK)=1.3.1_14
Java Development Kit (JDK)=1.4.2_7
Java Development Kit (JDK)=1.3.1_13
Java Development Kit (JDK)=1.4.2_8
Java Development Kit (JDK)=1.4.2_11
Java Development Kit (JDK)=1.3.1_09
Java Development Kit (JDK)=1.4.2_9
Java Development Kit (JDK)=1.3.1_04
Java Development Kit (JDK)=1.3.1_05
Java Development Kit (JDK)=1.4.2_3
Java Development Kit (JDK)=1.3.1_11
Sun JSSE=1.0.3
Sun JSSE=1.0.3_02
Sun JSSE=1.0.3_01
Sun JSSE=1.0.3_03

Remedy

http://secunia.com/advisories/22204

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2006-5201?

    CVE-2006-5201 has a CVSS score that indicates a moderate level of severity depending on the specific configuration and use case.

  • How do I fix CVE-2006-5201?

    To fix CVE-2006-5201, ensure you upgrade to the latest versions of all affected software packages identified in the vulnerability report.

  • Which versions are affected by CVE-2006-5201?

    CVE-2006-5201 affects multiple versions of Java JDK, JRE, NSS, JSSE, and other Sun Solaris packages.

  • What types of software are vulnerable in CVE-2006-5201?

    CVE-2006-5201 affects various Sun Solaris software packages, including NSS, Java JDK/JRE, JSSE, and StarOffice.

  • Can CVE-2006-5201 be exploited remotely?

    Yes, CVE-2006-5201 has the potential for remote exploitation, which can compromise the integrity of systems using vulnerable software.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203