← Back to CVE List

CVE-2016-8212

Published: 2017-02-03T07:59Z
Last Modified: 2024-11-21T02:58Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
An issue was discovered in EMC RSA BSAFE Crypto-J versions prior to 6.2.2. There is an Improper OCSP Validation Vulnerability. OCSP responses have two time values: thisUpdate and nextUpdate. These specify a validity period; however, both values are optional. Crypto-J treats the lack of a nextUpdate as indicating that the OCSP response is valid indefinitely instead of restricting its validity for a brief period surrounding the thisUpdate time. This vulnerability is similar to the issue described in CVE-2015-4748. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt