Vulnerability in Apache Derby
CVE-2009-4269
The password hash generation algorithm in the BUILTIN authentication functionality for Apache Derby before 10.6.1.0 performs a transformation that reduces the size of the set of inputs to SHA-1, which produces a small search space that mak…
Vulnerability class: POODLE (CVE-2014-3566)
EPSS: 0.015 (70.7th percentile)
Affected products
- Apache Derby
- N/a — versions n/a
Weakness classification (CWE)
Public proof-of-concept exploits
Frequently asked questions
- What is CVE-2009-4269?
- CVE-2009-4269 is a vulnerability in Apache Derby, classified under Cryptographic Issues. Published 2010-08-16.
- Is CVE-2009-4269 known to be exploited?
- 1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.