Search for vulnerabilities
| Vulnerability ID | VCID-h56j-d13q-v7av |
| Aliases |
CVE-2012-5081
|
| Summary | OpenJDK: JSSE denial of service (JSSE, 7186286) |
| Status | Published |
| Exploitability | None |
| Weighted Severity | None |
| Risk | None |
| Affected and Fixed Packages | Package Details |
| There are no known CWE. |
| System | Score | Found at |
|---|---|---|
| epss | 0.757 | https://api.first.org/data/v1/epss?cve=CVE-2012-5081 |
| Data source | Metasploit |
|---|---|
| Description | Some TLS implementations handle errors processing RSA key exchanges and encryption (PKCS #1 v1.5 messages) in a broken way that leads an adaptive chosen-chiphertext attack. Attackers cannot recover a server's private key, but they can decrypt and sign messages with it. A strong oracle occurs when the TLS server does not strictly check message formatting and needs less than a million requests on average to decode a given ciphertext. A weak oracle server strictly checks message formatting and often requires many more requests to perform the attack. This module requires Python 3 with the gmpy2 and cryptography packages to be present. |
| Note | AKA: - ROBOT - Adaptive chosen-ciphertext attack |
| Ransomware campaign use | Unknown |
| Source publication date | June 17, 2009 |
| Source URL | https://github.com/rapid7/metasploit-framework/tree/master/modules/auxiliary/scanner/ssl/bleichenbacher_oracle.py |
| Percentile | 0.98926 |
| EPSS Score | 0.757 |
| Published At | May 29, 2026, 12:55 p.m. |
| Date | Actor | Action | Source | VulnerableCode Version |
|---|---|---|---|---|
| 2026-05-29T10:11:10.712744+00:00 | RedHat Importer | Import | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-5081.json | 38.6.0 |