{"vulnerability": "cve-2022-2144", "sightings": [{"uuid": "1cf1f4c1-5899-47e6-bd6a-1614e3d7a1fe", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21445", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/35eeac4e-0705-4912-b847-aa5c0980ae12", "content": "", "creation_timestamp": "2026-02-02T12:26:28.200832Z"}, {"uuid": "a04ea2bb-2807-4039-ab9a-55c9c86f2e70", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21449", "type": "published-proof-of-concept", "source": "https://t.me/cKure/9414", "content": "Zero-Day in Java: A researcher has released proof-of-concept (PoC) code for a digital signature bypass vulnerability in Java.\n\nCVE-2022-21449 Proof of Concept demonstrating its usage with a client running on a vulnerable Java version and a malicious TLS server.\n\nhttps://github.com/khalednassar/CVE-2022-21449-TLS-PoC", "creation_timestamp": "2022-04-23T19:38:31.000000Z"}, {"uuid": "8b4d5397-7422-4ac9-9bdc-4a03a97c737f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21449", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1990", "content": "GitHub monitoring alert!!!\n\nUpdated: CVE-2022\nDescription: CVE-2022-21449 Vulnerability tester\nURL: https://github.com/jmiettinen/CVE-2022-21449-vuln-test\n\nTags: #CVE-2022", "creation_timestamp": "2022-04-20T11:59:27.000000Z"}, {"uuid": "1c5315a7-4f45-410e-89b1-aaf8f92e3279", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21445", "type": "seen", "source": 
"https://t.me/DarkWebInformer_CVEAlerts/5558", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-21445\n\ud83d\udd25 CVSS Score: 9.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces).  Supported versions that are affected are 12.2.1.3.0 and  12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Development Framework (ADF).  Successful attacks of this vulnerability can result in takeover of Oracle Application Development Framework (ADF). Note: Oracle Application Development Framework (ADF) is downloaded via Oracle JDeveloper Product. Please refer to Fusion Middleware Patch Advisor for more details. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts).  CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).\n\ud83d\udccf Published: 2022-04-19T20:37:33.000Z\n\ud83d\udccf Modified: 2025-02-26T16:46:37.726Z\n\ud83d\udd17 References:\n1. 
https://www.oracle.com/security-alerts/cpuapr2022.html", "creation_timestamp": "2025-02-26T17:24:33.000000Z"}, {"uuid": "58d2e918-1e8f-48be-9c40-a62a4f27f26e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21449", "type": "published-proof-of-concept", "source": "https://t.me/ckuRED/133", "content": "Zero-Day in Java: A researcher has released proof-of-concept (PoC) code for a digital signature bypass vulnerability in Java.\n\nCVE-2022-21449 Proof of Concept demonstrating its usage with a client running on a vulnerable Java version and a malicious TLS server.\n\nhttps://github.com/khalednassar/CVE-2022-21449-TLS-PoC", "creation_timestamp": "2022-04-23T19:38:24.000000Z"}, {"uuid": "0fe75579-ac6f-4803-a6c1-be5abd0d6838", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21449", "type": "seen", "source": "https://t.me/poxek/1443", "content": "In its latest update, Oracle fixed a serious Java security vulnerability\n\nOracle's latest quarterly security updates have just arrived. The update fixed CVE-2022-21449, a high-severity vulnerability. It scored a full 7.5 on the CVSS scale. However, the specialist would rate the danger of the issue at the maximum 10 points \u00abbecause of the wide range of impacts on different functionality in an access management context\u00bb.\n\nThe easily exploitable vulnerability allows an unauthenticated attacker to gain network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. In essence, this nullifies the integrity of content that signatures guarantee.\n\nThe signature verification algorithm uses a mathematical equation that consists of the signer's public key, a hash of the message and two values used in ECDSA signatures, r and s. The signature is validated when both sides of the equation are equal. The faulty implementation introduced in Java 15 does not check whether these r and s are zero, and this is where the problems begin. If r and s can be zero, this can cause both sides of the equation, which use them for multiplication, to be zeroed out, thereby producing the true statement 0 = 0. In that case the signature will be validated, which lets an attacker with a blank signature (full of zeros) gain access to content that is supposed to be protected.\n\nAn adversary exploiting this vulnerability can intercept (read and modify) encrypted messages or bypass authentication in some cases. Moreover, in cases where content integrity is verified with ECDSA signatures, the verification process can be compromised.\n\nTo fix this Java vulnerability, we recommend updating Java to the latest version. The most recent Java versions are Java 17 (long-term support) and Java 18, which are updated to 17.0.3 and 18.0.1 respectively. Older but still supported versions that were also fixed are Java 7, Java 8 and Java 11, which are updated to version 7u341, version 8u331 and 11.0.15 respectively.\n@NeKaspersky", "creation_timestamp": "2022-05-01T11:27:04.000000Z"}, {"uuid": "00c9469e-bdac-4d81-b35c-3e15a962f488", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21449", "type": "published-proof-of-concept", "source": "https://t.me/HackingTeamGrupoOfficial/27866", "content": "Bug Bounty Hunter\nExploitation and Sample Vulnerable Application of the JWT Null Signature Vulnerability (CVE-2022-21449) https://github.com/DataDog/security-labs-pocs/tree/main/proof-of-concept-exploits/jwt-null-signature-vulnerable-app", "creation_timestamp": "2022-04-22T15:46:33.000000Z"}, {"uuid": "7cb7e86e-c5a5-4471-9be4-4099091f05e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21449", "type": "published-proof-of-concept", "source": "https://t.me/true_secator/2882", "content": "Experts are warning of the need to patch a critical digital signature bypass bug in Java.\n\nThe problem lies in the implementation in Java 15, Java 16, Java 17 or Java 18 of the Elliptic Curve Digital Signature Algorithm (ECDSA), a cryptographic mechanism for digitally signing messages and data to verify the authenticity and integrity of content.\n\nCVE-2022-21449, of high severity (CVSS score: 7.5), affects the following versions of Java SE and Oracle GraalVM Enterprise Edition: Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; and Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1, 22.0.0.2.\n\nThe vulnerability was discovered by Neil Madden of ForgeRock in November 2021, who noted that its mechanism allows an attacker to forge some types of SSL certificates and handshakes (making it possible to intercept and modify messages), signed JWTs, SAML assertions, OIDC ID tokens and even WebAuthn authentication messages.\n\nThe cryptographic bug, dubbed Psychic Signatures in Java, makes it possible to present a completely blank signature that will still be accepted as valid by the vulnerable implementation. Successful exploitation of the vulnerability can allow an attacker to forge signatures and bypass the authentication measures in place. Psychic Signatures nullifies the integrity of any content that is guaranteed by electronic signatures.\n\nDespite all its severity, the bug was fixed by Oracle only as part of the quarterly Critical Patch Update (CPU) in April 2022, and, sadder still, security researcher Khaled Nassar has published a PoC that clearly demonstrates how the digital signature bypass in Java is carried out.\n\nSo we join OpenJDK in recommending that companies using Java 15-18 focus on updating their systems to avoid active exploitation attempts.", "creation_timestamp": "2022-04-25T12:27:01.000000Z"}, {"uuid": "d553384c-3de1-47ea-9aeb-7dc02eefbd84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21448", "type": "seen", "source": "https://t.me/cibsecurity/41138", "content": "\u203c CVE-2022-21448 \u203c\n\nVulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Visual Analyzer). The supported version that is affected is 5.9.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). 
Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-20T00:30:52.000000Z"}, {"uuid": "9c17a190-8923-4f08-92cb-5e3b34d00f35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21449", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/64", "content": "https://github.com/khalednassar/CVE-2022-21449-TLS-PoC", "creation_timestamp": "2022-04-24T07:07:26.000000Z"}, {"uuid": "e1cff566-0f16-4cc3-acad-e43d99941551", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21445", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:10:58.000000Z"}, {"uuid": "82b7bd0e-edd7-4d20-bc44-92e03b0fcec1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21449", "type": "seen", "source": "https://gist.github.com/tauzen/e0a07a80095b49f1c46cdc8d09e52264", "content": "", "creation_timestamp": "2025-08-13T20:55:04.000000Z"}, {"uuid": "297e9217-683e-4e9a-996d-acd346e4ade6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21449", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2002", "content": "GitHub monitoring alert!!!\n\nUpdated: CVE-2022\nDescription: Demos the Psychic Signatures vulnerability (CVE-2022-21449)\nURL: https://github.com/marschall/psychic-signatures\n\nTags: #CVE-2022", "creation_timestamp": "2022-04-21T16:31:55.000000Z"}, {"uuid": "dc752f0a-996b-484d-a296-c0291572b44e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21449", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2041", "content": "GitHub monitoring alert!!!\n\nUpdated: CVE-2022\nDescription: Test tool to demonstrate the vulnerability of CVE-2022-21449\nURL: https://github.com/Damok82/SignChecker\n\nTags: #CVE-2022", "creation_timestamp": "2022-04-25T16:41:34.000000Z"}, {"uuid": "0bfabe19-ff88-4248-b0bd-1259338ff4fa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21449", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1991", "content": "GitHub monitoring alert!!!\n\nUpdated: CVE-2022\nDescription: CVE-2022-21449 Proof of Concept demonstrating its usage with a vulnerable client and a malicious TLS server\nURL: https://github.com/khalednassar/CVE-2022-21449-TLS-PoC\n\nTags: #CVE-2022", "creation_timestamp": "2022-04-20T20:40:33.000000Z"}, {"uuid": "76636fc3-205d-48d5-ac3e-a494bc852f63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21449", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/2026", "content": "GitHub monitoring alert!!!\n\nUpdated: CVE-2022\nDescription: Zeek script to detect exploitation attempts of CVE-2022-21449 for TLS connections\nURL: https://github.com/thack1/CVE-2022-21449\n\nTags: #CVE-2022", "creation_timestamp": "2022-04-24T11:07:19.000000Z"}, {"uuid": "0eba5c7d-9edf-4013-94f1-4c3adfadf0b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21445", "type": "published-proof-of-concept", "source": "https://t.me/itsec_news/884", "content": "\ud83d\udcc6 Oracle spent 6 months fixing a critical vulnerability.\n\n\ud83d\udcac Researchers PeterJson of VNG Corporation and Nguyen Jang of VNPT discovered the CVE-2022-21445 vulnerability in the ADF Faces framework in October 2021 and reported it to Oracle. But the company released a fix only six months later.\n\nCVE-2022-21445 is an untrusted-data deserialization vulnerability that can be used to execute arbitrary code on the victim's system.\n\nAccording to the researchers, the RCE vulnerability affects all applications that use the ADF Faces framework, including Business Intelligence, Enterprise Manager, Identity Management, SOA Suite, WebCenter Portal, Application Testing Suite and Transportation Management.\n\nThe researchers also managed to discover CVE-2022-21497 (with a CVSS score of 8.1), an SSRF vulnerability that can be used together with CVE-2022-21445 for pre-authentication remote code execution in Oracle Access Manager.\n\nUsing these vulnerabilities, the researchers developed an exploit that they named \u201cMiracle Exploit\u201d. According to them, all Oracle online systems and cloud services that use ADF Faces are affected by the vulnerability.\n\n#Vulnerability #Oracle \n\n\ud83d\udc49 Discuss in chat\n\n\ud83d\udd14 Subscribe to CryptoYozh", "creation_timestamp": "2022-06-24T16:49:40.000000Z"}, {"uuid": "140cb590-07e4-4393-b71f-19ad4c0c7282", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21449", "type": "published-proof-of-concept", "source": "https://t.me/RedPillDealer4833/18943", "content": "Better patch up.\nhttps://securityaffairs.co/wordpress/130522/security/poc-java-vulnerability-cve-2022-21449.html", "creation_timestamp": "2022-04-24T03:48:42.000000Z"}, {"uuid": "b4889e31-480f-460e-aebb-a869a5843ad7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21449", "type": "published-proof-of-concept", "source": "https://t.me/poxek/1464", "content": "\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u044f Security Labs Research and Proof of Concept Code\n\u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0438 \u043f\u0440\u0438\u043c\u0435\u0440 \u043f\u0440\u0438\u043c\u0435\u043d\u0435\u043d\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0443\u043b\u0435\u0432\u043e\u0439 
\u043f\u043e\u0434\u043f\u0438\u0441\u0438 JWT (CVE-2022-21449) \nhttps://github.com/DataDog/security-labs-pocs/\n\n\u0414\u043d\u0435\u0432\u043d\u0438\u043a \u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0438\u043a\u0430 \ud83d\udee1", "creation_timestamp": "2022-05-03T13:01:18.000000Z"}, {"uuid": "e43683dd-c61d-41a4-85c5-131a8de06769", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21449", "type": "published-proof-of-concept", "source": "https://t.me/technical_private_cat/237", "content": "Hello, my Alice .\ud83c\udf80\u2728\n\nHere's a fun vulnerability in the Oracle Java SE product, Oracle GraalVM Enterprise Edition for Oracle Java SE - CVE-2022-21449 \n\nTo begin with a preface \u2728\n\nECDSA is a widely used standard for signing all kinds of digital documents.\nCompared to the older RSA standard, elliptic curve keys and signatures tend to be much smaller for equivalent security, resulting in their widespread use where size matters\ud83d\ude43\nFor example, the WebAuthn standard for two-factor authentication allows device manufacturers to choose from a wide range of signature algorithms, but in practice almost all devices manufactured now support only ECDSA signatures (a notable exception is Windows Hello, which uses RSA). Signatures.\n\nECDSA consists of two values called r and s . \nTo verify an ECDSA signature, the verifier checks an equation that includes r , s , the signer's public key, and the message hash. If the two parts of the equation are equal, the signature is valid, otherwise it is rejected. \n\nOne part of the equation is equal to r , and the other part is multiplied by r and the value obtained from s . So obviously it would be very bad if r and s were equal to 0, because then you would be checking that 0 = 0 \u2a09 [a bunch of stuff] , which would be true regardless of the value of [a bunch of stuff] . ] ! 
And that pile of things are important bits, such as the message and the public key. \nThat's why the very first check in the ECDSA checking algorithm is to make sure that r and s are both >= 1.\n\nJava forgot to do an implementation of ECDSA signature checking in Java roughly it didn't check if r or s were equal to zero, so you can create a signature value where they are both 0 \ud83d\ude36\u200d\ud83c\udf2b\ufe0f and Java will accept it as a valid signature for any message and for any publicly available message. \n\nHere's an article with more details link \nHere is the scanner and confirmation of its use:\nImplementation and acknowledgement on go link\n Scanner for this python vulnerability link\n Be careful when working with java always check the code for vulnerability\ud83d\ude43\n\nAnd that's it . Thanks for reading. \u2764\ufe0f\nAnd to you dear Alice , have a good croquet game with the Cheshire cat\ud83d\udc08\n#cryptography #cve #scanners #java", "creation_timestamp": "2022-10-13T14:35:16.000000Z"}, {"uuid": "8da8ee2a-a147-4f77-896e-2716dd605967", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21445", "type": "seen", "source": "https://t.me/arpsyndicate/2553", "content": "#ExploitObserverAlert\n\nCVE-2022-21445\n\nDESCRIPTION: Exploit Observer has 4 entries related to CVE-2022-21445. Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). 
CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).\n\nFIRST-EPSS: 0.007050000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2024-01-06T16:03:22.000000Z"}, {"uuid": "43657635-c8f9-49da-9da2-6a1b13b01ecd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21449", "type": "published-proof-of-concept", "source": "https://t.me/ARC15INFO/578", "content": "", "creation_timestamp": "2024-08-29T06:24:30.000000Z"}, {"uuid": "ebf1345d-908b-4f55-be07-0103062f2746", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21444", "type": "published-proof-of-concept", "source": "https://t.me/BABATATASASA/5994", "content": "", "creation_timestamp": "2023-11-15T17:01:59.000000Z"}, {"uuid": "f055d9cb-20d7-4971-bb61-789c7cc2c627", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21449", "type": "seen", "source": "https://t.me/NeKaspersky/2172", "content": "In the latest update, Oracle fixed a serious Java security vulnerability\n\nOracle's latest quarterly security updates have just arrived. 
As part of the update, CVE-2022-21449, a high-severity vulnerability, was fixed. It scored a full 7.5 on the CVSS scale. However, a specialist would rate the severity of the problem at the maximum 10 points \u201cbecause of the wide range of impacts on different functionality in an access management context\u201d.\n\nThe easily exploitable vulnerability allows an unauthenticated attacker 
to gain network access over several protocols in order to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or to all data accessible to Oracle Java SE, Oracle GraalVM Enterprise Edition. 
In essence, this nullifies the integrity of content that signatures guarantee.\n\nThe signature verification algorithm uses a mathematical equation that consists of the signer's public key, the message hash and two values used in ECDSA signatures, r and s. The signature is confirmed when both sides of the equation are equal. 
The faulty implementation, introduced in Java 15, does not check whether these r and s are equal to zero, and this is exactly where the problems begin. If r and s can be equal to zero, this can lead to both sides of the equation, which use them for multiplication, being zeroed out, thereby creating the true statement 0 = 0. 
In this case the signature will be confirmed, which allows an attacker with an empty signature (full of zeros) to gain access to content that should be protected.\n\nA malicious actor using this vulnerability can intercept (read and modify) encrypted messages or bypass authentication in some cases. 
Moreover, in cases where content integrity is verified with ECDSA signatures, the verification process can be compromised. \n\nTo fix this Java vulnerability, we recommend updating Java to the latest version. The most recent Java versions are Java 17 (long-term support) and Java 18, which are updated to 17.0.3 and 18.0.1 respectively. 
Older but still supported versions that were also fixed are Java 7, Java 8 and Java 11, which are updated to version 7u341, version 8u331 and 11.0.15 respectively.\n@NeKaspersky", "creation_timestamp": "2022-04-26T17:32:48.000000Z"}, {"uuid": "8934f96e-731f-43b6-882b-c3fbe332d3d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-2144", "type": "seen", "source": "https://t.me/cibsecurity/46396", "content": "\u203c CVE-2022-2144 \u203c\n\nThe Jquery Validation For Contact Form 7 WordPress plugin before 5.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change Blog options like default_role, users_can_register via a CSRF attack\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-07-17T14:27:53.000000Z"}, {"uuid": "15df7dbd-969e-4913-b0fb-803dd2f0ed88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21444", "type": "seen", "source": "https://t.me/cibsecurity/41146", "content": "\u203c CVE-2022-21444 \u203c\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). 
Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-20T00:31:00.000000Z"}, {"uuid": "41df1e8e-0e90-4d83-8de2-ef85f739ba56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21449", "type": "seen", "source": "https://t.me/canyoupwnme/6784", "content": "CVE-2022-21449: Psychic Signatures in Java\nhttps://neilmadden.blog/2022/04/19/psychic-signatures-in-java/", "creation_timestamp": "2022-04-20T21:18:28.000000Z"}, {"uuid": "466df132-dad5-4f6f-b46f-8fc1aa491bcc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21449", "type": "seen", "source": "https://t.me/thebugbountyhunter/6188", "content": "CVE-2022-21449: Psychic Signatures in Java\n\nhttps://neilmadden.blog/2022/04/19/psychic-signatures-in-java/", "creation_timestamp": "2022-04-21T10:20:36.000000Z"}, {"uuid": "567cc97e-e3ed-4e11-bf22-d50e4d40d806", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21445", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/6269", "content": "#exploit\n1. CVE-2022-21445:\n\"The Miracle Exploit\"\nhttps://peterjson.medium.com/miracle-one-vulnerability-to-rule-them-all-c3aed9edeea2\n\n2. 
CVE-2022-31626:\nRCE in PHP <=7.4.29\nhttps://github.com/CFandR-github/PHP-binary-bugs/tree/main/cve_2022_31626_remote_exploit", "creation_timestamp": "2022-06-25T12:47:01.000000Z"}, {"uuid": "dcc31bab-91bd-4eb7-a0d1-4036db1fa9f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21445", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2024-09-20T18:10:03.000000Z"}, {"uuid": "57ee8758-7691-484c-975f-46a50b3df779", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21445", "type": "seen", "source": "https://bsky.app/profile/talk-nerdyto-me.bsky.social/post/3ll5f5pqgn627", "content": "", "creation_timestamp": "2025-03-24T18:29:04.609317Z"}, {"uuid": "8fe47686-e471-4be5-bb45-a70f402135d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21449", "type": "seen", "source": "https://gist.github.com/Psynosaur/7a31ba2c0d1286e1daf3686d35f77e10", "content": "", "creation_timestamp": "2025-07-06T11:40:25.000000Z"}, {"uuid": "b082e9a7-f985-4c86-b32d-09a745cee8be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2022-21449", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_7/2022", "content": "", "creation_timestamp": "2022-04-21T08:54:22.000000Z"}, {"uuid": "2906ff3d-b420-4774-8449-4c8e123048d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21449", "type": "published-proof-of-concept", "source": "https://t.me/technical_private_cat/236", "content": "Hello 
to you, my Alice.\ud83c\udf80\u2728\n\nHere's a fun vulnerability in the Oracle Java SE product, Oracle GraalVM Enterprise Edition for Oracle Java SE - CVE-2022-21449 \n\nTo begin with, a preface \u2728\n\nECDSA is a widely used standard for signing all kinds of digital documents.\nCompared to the older RSA standard, elliptic curve keys and signatures tend to be much smaller for equivalent security, resulting in their widespread 
use where size matters\ud83d\ude43\nFor example, the WebAuthn standard for two-factor authentication allows device manufacturers to choose from a wide range of signature algorithms, but in practice almost all devices manufactured now support only ECDSA signatures (a notable exception is Windows Hello, which uses RSA). 
Signatures.\n\nECDSA consists of two values called r and s. \nTo verify an ECDSA signature, the verifier checks an equation that includes r, s, the signer's public key and the message hash. If the two parts of the equation are equal, the signature is valid, otherwise it is rejected. \n\nOne part of the equation is equal to r, and the other part is multiplied by r and a value derived from s. 
So, obviously, it would be very bad if r and s were equal to 0, because then you would be checking that 0 = 0 \u2a09 [a bunch of stuff], which would be true regardless of the value of [a bunch of stuff]! And that bunch of stuff is the important bits, such as the message and the public key. 
\n\u0412\u043e\u0442 \u043f\u043e\u0447\u0435\u043c\u0443 \u0441\u0430\u043c\u0430\u044f \u043f\u0435\u0440\u0432\u0430\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u0432 \u0430\u043b\u0433\u043e\u0440\u0438\u0442\u043c\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 ECDSA \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e\u0431\u044b \u0443\u0431\u0435\u0434\u0438\u0442\u044c\u0441\u044f, \u0447\u0442\u043e r \u0438 s \u043e\u0431\u0430 &gt;= 1.\n\nJava \u0437\u0430\u0431\u044b\u043b \u0441\u0434\u0435\u043b\u0430\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044e \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u043f\u043e\u0434\u043f\u0438\u0441\u0438 ECDSA \u0432 Java \u0433\u0440\u0443\u0431\u043e \u0433\u043e\u0432\u043e\u0440\u044f \u043e\u043d\u0430 \u043d\u0435 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u043b\u0430, \u0440\u0430\u0432\u043d\u044b \u043b\u0438 r \u0438\u043b\u0438 s \u043d\u0443\u043b\u044e, \u043f\u043e\u044d\u0442\u043e\u043c\u0443 \u0432\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 \u043f\u043e\u0434\u043f\u0438\u0441\u0438, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u043e\u043d\u0438 \u043e\u0431\u0430 \u0440\u0430\u0432\u043d\u044b 0 \ud83d\ude36\u200d\ud83c\udf2b\ufe0f, \u0438 Java \u043f\u0440\u0438\u043c\u0435\u0442 \u0435\u0433\u043e \u043a\u0430\u043a \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u0443\u044e \u043f\u043e\u0434\u043f\u0438\u0441\u044c \u0434\u043b\u044f \u043b\u044e\u0431\u043e\u0433\u043e \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f \u0438 \u0434\u043b\u044f \u043b\u044e\u0431\u043e\u0433\u043e \u043e\u0431\u0449\u0435\u0434\u043e\u0441\u0442\u0443\u043f\u043d\u043e\u0433\u043e \u0441\u043e\u043e\u0431\u0449\u0435\u043d\u0438\u044f. 
\n\n\u0412\u043e\u0442 \u0441\u0442\u0430\u0442\u044c\u044f \u0441 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0434\u0440\u043e\u0431\u043d\u044b\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435\u043c \u0442\u044b\u043a \n\u0412\u043e\u0442 \u0441\u043a\u0430\u043d\u0435\u0440 \u0438 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u0435 \u0435\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f:\n\u0420\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u044f \u0438 \u043f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0438\u0435 \u043d\u0430 go \u0442\u044b\u043a\n\u0421\u043a\u0430\u043d\u0435\u0440 \u043d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u0442\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0430 python \u0442\u044b\u043a\n\u0411\u0443\u0434\u044c\u0442\u0435 \u043e\u0441\u0442\u043e\u0440\u043e\u0436\u043d\u044b \u043f\u0440\u0438  \u0440\u0430\u0431\u043e\u0442\u0435 \u0441 java  \u0432\u0441\u0435\u0433\u0434\u0430 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0439\u0442\u0435 \u043a\u043e\u0434 \u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438\ud83d\ude43\n\n\u0410 \u043d\u0430 \u044d\u0442\u043e \u0432\u0441\u0435 . \u0421\u043f\u0430\u0441\u0438\u0431\u043e \u0437\u0430 \u043f\u0440\u043e\u0447\u0442\u0435\u043d\u0438\u0435. 
\u2764\ufe0f\nAnd to you, dear Alice, good luck playing croquet with the Cheshire Cat\ud83d\udc08\n#cryptography #cve #scanners #java", "creation_timestamp": "2022-10-13T14:35:14.000000Z"}, {"uuid": "e6568185-3614-4d9a-b5b5-f52413c416c3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21449", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/1967", "content": "#CVE-2022\n\nCVE-2022-21449 Proof of Concept demonstrating its usage with a vulnerable client and a malicious TLS server\n\nhttps://github.com/khalednassar/CVE-2022-21449-TLS-PoC\n\n@BlueRedTeam", "creation_timestamp": "2022-04-21T08:41:01.000000Z"}, {"uuid": "290e0f71-2397-44d8-bb82-29d35c540587", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21449", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/1973", "content": "#exploit\n\n+ CVE-2022-21449:\n\"Psychic Signatures\"\nPoC demonstrating its usage with a vulnerable client and a malicious TLS server\nhttps://github.com/khalednassar/CVE-2022-21449-TLS-PoC\n\n+  CVE-2022-21449:\nExploitation and Sample Vulnerable Application of the JWT Null Signature Vulnerability\nhttps://github.com/DataDog/security-labs-pocs/tree/main/proof-of-concept-exploits/jwt-null-signature-vulnerable-app\n\n@BlueRedTeam", "creation_timestamp": "2022-04-22T08:42:47.000000Z"}, {"uuid": "098730c6-615a-4cf4-8fc4-c967d0e4326e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21449", "type": 
"published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5856", "content": "#exploit\n1. CVE-2022-21449:\n\"Psychic Signatures\"\nPoC demonstrating its usage with a vulnerable client and a malicious TLS server\nhttps://github.com/khalednassar/CVE-2022-21449-TLS-PoC\n\n2. CVE-2022-21449:\nExploitation and Sample Vulnerable Application of the JWT Null Signature Vulnerability\nhttps://github.com/DataDog/security-labs-pocs/tree/main/proof-of-concept-exploits/jwt-null-signature-vulnerable-app", "creation_timestamp": "2022-04-22T11:01:07.000000Z"}, {"uuid": "04000927-6942-42bf-812d-dcf3ab9ef114", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-21445", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/35eeac4e-0705-4912-b847-aa5c0980ae12", "content": "", "creation_timestamp": "2026-02-02T12:26:28.200832Z"}]}