CVE-2016-8212

Name of the Vulnerable Software and Affected Versions EMC RSA BSAFE Crypto-J versions prior to 6.2.2

Description The issue is related to an improper OCSP validation. OCSP responses contain two time values: thisUpdate and nextUpdate, which specify a validity period. However, both values are optional. The software treats the lack of a nextUpdate as indicating that the OCSP response is valid indefinitely, instead of restricting its validity for a brief period surrounding the thisUpdate time.

Recommendations For versions prior to 6.2.2, update to version 6.2.2 or later to resolve the issue.