CVE-2007-6721

Опубликовано: 30 мар. 2009

Источник: nvd

CVSS2: 10

EPSS Низкий

Описание

The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes."

Ссылки

http://freshmeat.net/projects/bouncycastlecryptoapi/releases/265580
http://www.bouncycastle.org/csharp/
Patch
Vendor Advisory
http://www.bouncycastle.org/devmailarchive/msg08195.html
Patch
Vendor Advisory
http://www.bouncycastle.org/releasenotes.html
http://www.osvdb.org/50358
http://www.osvdb.org/50359
http://www.osvdb.org/50360
http://freshmeat.net/projects/bouncycastlecryptoapi/releases/265580
http://www.bouncycastle.org/csharp/
Patch
Vendor Advisory
http://www.bouncycastle.org/devmailarchive/msg08195.html
Patch
Vendor Advisory
http://www.bouncycastle.org/releasenotes.html
http://www.osvdb.org/50358
http://www.osvdb.org/50359
http://www.osvdb.org/50360

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*

Версия до 1.37 (включая)

cpe:2.3:a:bouncycastle:bc-java:1.01:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bc-java:1.02:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bc-java:1.03:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bc-java:1.04:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bc-java:1.05:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bc-java:1.06:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bc-java:1.07:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bc-java:1.08:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bc-java:1.09:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bc-java:1.10:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bc-java:1.11:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bc-java:1.12:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bc-java:1.13:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bc-java:1.14:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bc-java:1.15:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bc-java:1.16:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bc-java:1.17:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bc-java:1.18:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bc-java:1.19:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bc-java:1.20:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bc-java:1.21:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bc-java:1.22:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bc-java:1.23:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bc-java:1.24:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bc-java:1.25:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bc-java:1.26:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bc-java:1.27:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bc-java:1.28:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bc-java:1.29:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bc-java:1.30:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bc-java:1.31:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bc-java:1.32:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bc-java:1.33:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bc-java:1.34:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bc-java:1.35:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bc-java:1.36:*:*:*:*:*:*:*

Одно из

cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:*:*:*:*:*:*:*:*

Версия до 1.35 (включая)

cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.0:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.01:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.02:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.03:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.3.1:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.04:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.05:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.06:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.07:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.08:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.09:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.11:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.12:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.13:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.14:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.15:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.16:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.17:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.18:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.19:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.20:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.21:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.22:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.23:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.24:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.25:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.26:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.27:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.28:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.29:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.30:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.32:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.33:*:*:*:*:*:*:*

cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.34:*:*:*:*:*:*:*

EPSS

Процентиль: 74%

0.00856

Низкий

10 Critical

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2007-6721

redhat

около 18 лет назад

CVE-2007-6721

debian

больше 16 лет назад

The Legion of the Bouncy Castle Java Cryptography API before release 1 ...

GHSA-m26p-m559-g5j5

github

больше 3 лет назад

Legion of the Bouncy Castle Java Cryptography API Bleichenbacher Oracle Vulnerability

EPSS

Процентиль: 74%

0.00856

Низкий

10 Critical

CVSS2

Дефекты

NVD-CWE-noinfo