Vulnerability Details CVE-2007-6721
The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 72.6%
CVSS Severity
CVSS v2 Score 10.0
References
- http://freshmeat.net/projects/bouncycastlecryptoapi/releases/265580
- http://www.bouncycastle.org/csharp/
- http://www.bouncycastle.org/devmailarchive/msg08195.html
- http://www.bouncycastle.org/releasenotes.html
- http://www.osvdb.org/50358
- http://www.osvdb.org/50359
- http://www.osvdb.org/50360
- http://freshmeat.net/projects/bouncycastlecryptoapi/releases/265580
- http://www.bouncycastle.org/csharp/
- http://www.bouncycastle.org/devmailarchive/msg08195.html
- http://www.bouncycastle.org/releasenotes.html
- http://www.osvdb.org/50358
- http://www.osvdb.org/50359
- http://www.osvdb.org/50360
Products affected by CVE-2007-6721
-
cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:*
-
cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.0
-
cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.01
-
cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.02
-
cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.03
-
cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.04
-
cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.05
-
cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.06
-
cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.07
-
cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.08
-
cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.09
-
cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.11
-
cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.12
-
cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.13
-
cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.14
-
cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.15
-
cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.16
-
cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.17
-
cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.18
-
cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.19
-
cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.20
-
cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.21
-
cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.22
-
cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.23
-
cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.24
-
cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.25
-
cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.26
-
cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.27
-
cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.28
-
cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.29
-
cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.3.1
-
cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.30
-
cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.32
-
cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.33
-
cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.34
-
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.01
-
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.02
-
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.03
-
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.04
-
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.05
-
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.06
-
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.07
-
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.08
-
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.09
-
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.10
-
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.11
-
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.12
-
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.13
-
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.14
-
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.15
-
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.16
-
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.17
-
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.18
-
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.19
-
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.20
-
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.21
-
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.22
-
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.23
-
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.24
-
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.25
-
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.26
-
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.27
-
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.28
-
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.29
-
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.30
-
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.31
-
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.32
-
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.33
-
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.34
-
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.35
-
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.36
-
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.37