Vulnerability Details : CVE-2007-6721
The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes."
Products affected by CVE-2007-6721
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:*:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.34:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.33:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.26:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.28:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.27:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.20:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.19:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.18:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.11:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.09:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.02:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.01:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.25:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.17:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.16:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.08:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.07:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.32:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.24:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.23:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.15:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.14:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.06:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.05:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.30:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.29:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.22:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.21:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.13:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.12:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.04:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.03:*:*:*:*:*:*:*
- Bouncycastle » Legion-of-the-bouncy-castle-java-crytography-apiVersions up to, including, (<=) 1.37cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:*:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.31:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.30:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.29:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.22:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.21:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.14:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.13:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.05:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.04:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.33:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.32:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.23:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.24:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.16:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.15:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.08:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.07:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.06:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.36:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.28:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.27:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.20:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.19:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.12:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.11:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.03:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.02:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.35:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.34:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.26:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.25:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.18:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.17:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.10:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.09:*:*:*:*:*:*:*
- cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.01:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-6721
0.79%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 72 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-6721
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2007-6721
-
http://freshmeat.net/projects/bouncycastlecryptoapi/releases/265580
Best Open Source Mac Software Development Software 2024
-
http://www.bouncycastle.org/devmailarchive/msg08195.html
bouncycastle.org :: dev-crypto :: [dev-crypto] Bouncy Castle Crypto Provider Package version 1.36 now availablePatch;Vendor Advisory
-
http://www.bouncycastle.org/csharp/
Download Bouncy Castle C# .NET - BouncycastlePatch;Vendor Advisory
-
http://www.bouncycastle.org/releasenotes.html
Download Bouncy Castle Java - Bouncycastle
Jump to