First published: Sun Aug 20 2017
Connect2id Nimbus JOSE+JWT could provide weaker-than-expected security because it proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve. A remote attacker could exploit this vulnerability to conduct an Invalid Curve Attack.
Credit: cve@mitre.org
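
The validation whose absence is described above, as an added example (not code from Nimbus JOSE+JWT or from this advisory): a check that the public x and y coordinates satisfy the curve equation before a key is built from them. The class name and the `isOnCurve` helper are hypothetical; the code assumes a prime-field curve, uses only standard `java.security` APIs, and takes P-256 with a constructed off-curve point as sample input.

```java
import java.math.BigInteger;
import java.security.AlgorithmParameters;
import java.security.spec.ECFieldFp;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.EllipticCurve;

public class OnCurveCheck {

    // Hypothetical helper: true only if (x, y) satisfies y^2 = x^3 + ax + b (mod p).
    static boolean isOnCurve(BigInteger x, BigInteger y, ECParameterSpec spec) {
        EllipticCurve curve = spec.getCurve();
        if (!(curve.getField() instanceof ECFieldFp)) {
            return false; // only prime-field curves are handled in this example
        }
        BigInteger p = ((ECFieldFp) curve.getField()).getP();
        // Reject missing or out-of-range coordinates before doing any arithmetic.
        if (x == null || y == null || x.signum() < 0 || y.signum() < 0
                || x.compareTo(p) >= 0 || y.compareTo(p) >= 0) {
            return false;
        }
        BigInteger lhs = y.multiply(y).mod(p);
        // (x^2 + a) * x + b  ==  x^3 + ax + b
        BigInteger rhs = x.multiply(x).add(curve.getA()).multiply(x)
                .add(curve.getB()).mod(p);
        return lhs.equals(rhs);
    }

    public static void main(String[] args) throws Exception {
        // Load the standard P-256 parameters from the JDK provider.
        AlgorithmParameters params = AlgorithmParameters.getInstance("EC");
        params.init(new ECGenParameterSpec("secp256r1"));
        ECParameterSpec p256 = params.getParameterSpec(ECParameterSpec.class);

        // Valid input: the curve's own base point.
        ECPoint g = p256.getGenerator();
        System.out.println("base point on curve: "
                + isOnCurve(g.getAffineX(), g.getAffineY(), p256));

        // Constructed invalid input: same x, y shifted by one, so the
        // pair no longer satisfies the curve equation and must be rejected.
        BigInteger badY = g.getAffineY().add(BigInteger.ONE);
        System.out.println("shifted point on curve: "
                + isOnCurve(g.getAffineX(), badY, p256));
    }
}
```

A key-construction path that calls a check like this and refuses to continue on `false` never performs scalar multiplication on attacker-chosen points outside the specified curve.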
Affected Software | Affected Version | How to fix |
---|---|---|
IBM GDE | <=3.0.0.2 | |
Connect2id Nimbus Jose\+jwt | =1.0 | |
Connect2id Nimbus Jose\+jwt | =1.1 | |
Connect2id Nimbus Jose\+jwt | =1.2 | |
Connect2id Nimbus Jose\+jwt | =1.3 | |
Connect2id Nimbus Jose\+jwt | =1.4 | |
Connect2id Nimbus Jose\+jwt | =1.5 | |
Connect2id Nimbus Jose\+jwt | =1.6 | |
Connect2id Nimbus Jose\+jwt | =1.7 | |
Connect2id Nimbus Jose\+jwt | =1.8 | |
Connect2id Nimbus Jose\+jwt | =1.9 | |
Connect2id Nimbus Jose\+jwt | =1.9.1 | |
Connect2id Nimbus Jose\+jwt | =1.10 | |
Connect2id Nimbus Jose\+jwt | =1.11 | |
Connect2id Nimbus Jose\+jwt | =1.12 | |
Connect2id Nimbus Jose\+jwt | =2.0 | |
Connect2id Nimbus Jose\+jwt | =2.0.1 | |
Connect2id Nimbus Jose\+jwt | =2.1 | |
Connect2id Nimbus Jose\+jwt | =2.1.1 | |
Connect2id Nimbus Jose\+jwt | =2.2 | |
Connect2id Nimbus Jose\+jwt | =2.3 | |
Connect2id Nimbus Jose\+jwt | =2.4 | |
Connect2id Nimbus Jose\+jwt | =2.5 | |
Connect2id Nimbus Jose\+jwt | =2.6 | |
Connect2id Nimbus Jose\+jwt | =2.7 | |
Connect2id Nimbus Jose\+jwt | =2.8 | |
Connect2id Nimbus Jose\+jwt | =2.9 | |
Connect2id Nimbus Jose\+jwt | =2.10 | |
Connect2id Nimbus Jose\+jwt | =2.10.1 | |
Connect2id Nimbus Jose\+jwt | =2.11.0 | |
Connect2id Nimbus Jose\+jwt | =2.12.0 | |
Connect2id Nimbus Jose\+jwt | =2.13.0 | |
Connect2id Nimbus Jose\+jwt | =2.13.1 | |
Connect2id Nimbus Jose\+jwt | =2.14 | |
Connect2id Nimbus Jose\+jwt | =2.15 | |
Connect2id Nimbus Jose\+jwt | =2.15.1 | |
Connect2id Nimbus Jose\+jwt | =2.15.2 | |
Connect2id Nimbus Jose\+jwt | =2.16 | |
Connect2id Nimbus Jose\+jwt | =2.17 | |
Connect2id Nimbus Jose\+jwt | =2.17.1 | |
Connect2id Nimbus Jose\+jwt | =2.17.2 | |
Connect2id Nimbus Jose\+jwt | =2.18 | |
Connect2id Nimbus Jose\+jwt | =2.18.1 | |
Connect2id Nimbus Jose\+jwt | =2.18.2 | |
Connect2id Nimbus Jose\+jwt | =2.19 | |
Connect2id Nimbus Jose\+jwt | =2.19.1 | |
Connect2id Nimbus Jose\+jwt | =2.20 | |
Connect2id Nimbus Jose\+jwt | =2.21 | |
Connect2id Nimbus Jose\+jwt | =2.22 | |
Connect2id Nimbus Jose\+jwt | =2.22.1 | |
Connect2id Nimbus Jose\+jwt | =2.23 | |
Connect2id Nimbus Jose\+jwt | =2.24 | |
Connect2id Nimbus Jose\+jwt | =2.25 | |
Connect2id Nimbus Jose\+jwt | =2.26 | |
Connect2id Nimbus Jose\+jwt | =2.26.1 | |
Connect2id Nimbus Jose\+jwt | =3.0 | |
Connect2id Nimbus Jose\+jwt | =3.1 | |
Connect2id Nimbus Jose\+jwt | =3.1.1 | |
Connect2id Nimbus Jose\+jwt | =3.1.2 | |
Connect2id Nimbus Jose\+jwt | =3.2 | |
Connect2id Nimbus Jose\+jwt | =3.2.1 | |
Connect2id Nimbus Jose\+jwt | =3.2.2 | |
Connect2id Nimbus Jose\+jwt | =3.3 | |
Connect2id Nimbus Jose\+jwt | =3.4 | |
Connect2id Nimbus Jose\+jwt | =3.5 | |
Connect2id Nimbus Jose\+jwt | =3.6 | |
Connect2id Nimbus Jose\+jwt | =3.7 | |
Connect2id Nimbus Jose\+jwt | =3.8 | |
Connect2id Nimbus Jose\+jwt | =3.8.1 | |
Connect2id Nimbus Jose\+jwt | =3.8.2 | |
Connect2id Nimbus Jose\+jwt | =3.9 | |
Connect2id Nimbus Jose\+jwt | =3.9.1 | |
Connect2id Nimbus Jose\+jwt | =3.9.2 | |
Connect2id Nimbus Jose\+jwt | =3.10 | |
Connect2id Nimbus Jose\+jwt | =4.0 | |
Connect2id Nimbus Jose\+jwt | =4.0.1 | |
Connect2id Nimbus Jose\+jwt | =4.1 | |
Connect2id Nimbus Jose\+jwt | =4.1.1 | |
Connect2id Nimbus Jose\+jwt | =4.2 | |
Connect2id Nimbus Jose\+jwt | =4.3 | |
Connect2id Nimbus Jose\+jwt | =4.3.1 | |
Connect2id Nimbus Jose\+jwt | =4.4 | |
Connect2id Nimbus Jose\+jwt | =4.5 | |
Connect2id Nimbus Jose\+jwt | =4.6 | |
Connect2id Nimbus Jose\+jwt | =4.7 | |
Connect2id Nimbus Jose\+jwt | =4.8 | |
Connect2id Nimbus Jose\+jwt | =4.9 | |
Connect2id Nimbus Jose\+jwt | =4.10 | |
Connect2id Nimbus Jose\+jwt | =4.11 | |
Connect2id Nimbus Jose\+jwt | =4.11.1 | |
Connect2id Nimbus Jose\+jwt | =4.11.2 | |
Connect2id Nimbus Jose\+jwt | =4.12 | |
Connect2id Nimbus Jose\+jwt | =4.13 | |
Connect2id Nimbus Jose\+jwt | =4.13.1 | |
Connect2id Nimbus Jose\+jwt | =4.14 | |
Connect2id Nimbus Jose\+jwt | =4.15 | |
Connect2id Nimbus Jose\+jwt | =4.15.1 | |
Connect2id Nimbus Jose\+jwt | =4.16 | |
Connect2id Nimbus Jose\+jwt | =4.16.1 | |
Connect2id Nimbus Jose\+jwt | =4.16.2 | |
Connect2id Nimbus Jose\+jwt | =4.17 | |
Connect2id Nimbus Jose\+jwt | =4.18 | |
Connect2id Nimbus Jose\+jwt | =4.19 | |
Connect2id Nimbus Jose\+jwt | =4.20 | |
Connect2id Nimbus Jose\+jwt | =4.21 | |
Connect2id Nimbus Jose\+jwt | =4.22 | |
Connect2id Nimbus Jose\+jwt | =4.23 | |
Connect2id Nimbus Jose\+jwt | =4.24 | |
Connect2id Nimbus Jose\+jwt | =4.25 | |
Connect2id Nimbus Jose\+jwt | =4.26 | |
Connect2id Nimbus Jose\+jwt | =4.26.1 | |
Connect2id Nimbus Jose\+jwt | =4.27 | |
Connect2id Nimbus Jose\+jwt | =4.27.1 | |
Connect2id Nimbus Jose\+jwt | =4.28 | |
Connect2id Nimbus Jose\+jwt | =4.29 | |
Connect2id Nimbus Jose\+jwt | =4.30 | |
Connect2id Nimbus Jose\+jwt | =4.31 | |
Connect2id Nimbus Jose\+jwt | =4.31.1 | |
Connect2id Nimbus Jose\+jwt | =4.32 | |
Connect2id Nimbus Jose\+jwt | =4.33 | |
Connect2id Nimbus Jose\+jwt | =4.34 | |
Connect2id Nimbus Jose\+jwt | =4.34.1 | |
Connect2id Nimbus Jose\+jwt | =4.34.2 | |
Connect2id Nimbus Jose\+jwt | =4.35 | |
CVE-2017-12974 is a vulnerability in Nimbus JOSE+JWT that allows a remote attacker to conduct an Invalid Curve Attack, because the library proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve.
Connect2id Nimbus JOSE+JWT versions 1.0 to 4.35 and IBM GDE versions up to 3.0.0.2 are affected by CVE-2017-12974.
CVE-2017-12974 has a severity rating of 7.5, which is considered high.
References related to CVE-2017-12974 include links to commits, issues, and the changelog on Bitbucket.