Vulnerabilites related to bouncycastle - bouncy-castle-crypto-package
CVE-2007-6721 (GCVE-0-2007-6721)
Vulnerability from cvelistv5
Published
2009-03-30 01:00
Modified
2024-08-07 16:18
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes."
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:18:20.431Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freshmeat.net/projects/bouncycastlecryptoapi/releases/265580"
},
{
"name": "50358",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/50358"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.bouncycastle.org/csharp/"
},
{
"name": "50360",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/50360"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.bouncycastle.org/releasenotes.html"
},
{
"name": "50359",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/50359"
},
{
"name": "[dev-crypto] 20071109 Bouncy Castle Crypto Provider Package version 1.36 now available",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.bouncycastle.org/devmailarchive/msg08195.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-11-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to \"a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-11-16T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freshmeat.net/projects/bouncycastlecryptoapi/releases/265580"
},
{
"name": "50358",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/50358"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.bouncycastle.org/csharp/"
},
{
"name": "50360",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/50360"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.bouncycastle.org/releasenotes.html"
},
{
"name": "50359",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/50359"
},
{
"name": "[dev-crypto] 20071109 Bouncy Castle Crypto Provider Package version 1.36 now available",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.bouncycastle.org/devmailarchive/msg08195.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6721",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to \"a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://freshmeat.net/projects/bouncycastlecryptoapi/releases/265580",
"refsource": "CONFIRM",
"url": "http://freshmeat.net/projects/bouncycastlecryptoapi/releases/265580"
},
{
"name": "50358",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/50358"
},
{
"name": "http://www.bouncycastle.org/csharp/",
"refsource": "CONFIRM",
"url": "http://www.bouncycastle.org/csharp/"
},
{
"name": "50360",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/50360"
},
{
"name": "http://www.bouncycastle.org/releasenotes.html",
"refsource": "CONFIRM",
"url": "http://www.bouncycastle.org/releasenotes.html"
},
{
"name": "50359",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/50359"
},
{
"name": "[dev-crypto] 20071109 Bouncy Castle Crypto Provider Package version 1.36 now available",
"refsource": "MLIST",
"url": "http://www.bouncycastle.org/devmailarchive/msg08195.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6721",
"datePublished": "2009-03-30T01:00:00",
"dateReserved": "2009-03-29T00:00:00",
"dateUpdated": "2024-08-07T16:18:20.431Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2009-03-30 01:30
Modified
2025-05-12 17:37
Severity ?
Summary
The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71630DBB-121C-4EF2-8BC8-69EF824536C9",
"versionEndIncluding": "1.37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "074B7733-B554-4C60-8B6C-711082FBC981",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "6B065EFF-5CBE-4B4E-B5ED-C97ACC17F913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:1.03:*:*:*:*:*:*:*",
"matchCriteriaId": "74053B79-26E8-4E5C-8BAA-623B6F8C2406",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:1.04:*:*:*:*:*:*:*",
"matchCriteriaId": "8A673F86-9038-4DDC-BC42-CDAA82E31D18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:1.05:*:*:*:*:*:*:*",
"matchCriteriaId": "27BA92FF-CCD7-43A7-880B-63F749BE134A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:1.06:*:*:*:*:*:*:*",
"matchCriteriaId": "A587B9F5-BA5F-4470-84A7-551C15143F80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:1.07:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1C6753-A077-4BC1-96D6-42408D576371",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:1.08:*:*:*:*:*:*:*",
"matchCriteriaId": "D9F1242D-E49C-49E8-B011-ACCD096BB62F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "CB5B1AD3-F98A-4608-92E3-03D595DC24F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A3B73EA3-7055-47F4-927B-DAE9CCC0790B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "754ACBCB-BF5C-49C2-8608-DF0B60F75C19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "6654B10A-5D16-4D13-A329-512A1D8100D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "33A9B4AA-4EBF-49A9-8081-68AE10D3B36D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "E57C145D-44AD-4D3D-AC95-A02F4343E9F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "581016A0-9C71-4C69-BA07-DED9E58B9D20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "D7E76D59-7A74-44A9-9E34-F2573C7BD023",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "F375FFAD-88A2-4DCE-A609-2965692483CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "5C001773-96B8-4CC9-9841-EBAFD4724FBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "2EAAD240-17C9-4804-9BDE-F13B94EC6580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "AF897C5D-1751-4FCE-8814-51FBECB7143B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "DBEF5C40-189C-4CA3-AC7E-7B06040AE984",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "C232FE64-92E6-4090-BA28-53A6EC1794EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC9CEB4-0708-4BF2-B126-94ADC1F83870",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:1.24:*:*:*:*:*:*:*",
"matchCriteriaId": "4C7FB2D4-C9FA-4B4D-9DA5-EF7262F00E44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:1.25:*:*:*:*:*:*:*",
"matchCriteriaId": "3B7DDC74-EAB2-4159-B234-6A282155D137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:1.26:*:*:*:*:*:*:*",
"matchCriteriaId": "E9BA1059-992E-4C20-A7CE-7113BA768663",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:1.27:*:*:*:*:*:*:*",
"matchCriteriaId": "27E1FB43-1D6B-48B0-ADA1-CCE1BFF03E87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:1.28:*:*:*:*:*:*:*",
"matchCriteriaId": "989146A9-B308-4097-9E01-E6DE1DD7FCCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:1.29:*:*:*:*:*:*:*",
"matchCriteriaId": "59B24C7F-ABC5-43EC-86A0-5E1985522FCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:1.30:*:*:*:*:*:*:*",
"matchCriteriaId": "0C8010C1-C565-4743-9D15-40040FB43B63",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:1.31:*:*:*:*:*:*:*",
"matchCriteriaId": "232A9D64-5D09-4C97-A40C-AC7BCBFAC656",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:1.32:*:*:*:*:*:*:*",
"matchCriteriaId": "1DCFFFEC-C0FA-43F9-8D51-281D2687A112",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:1.33:*:*:*:*:*:*:*",
"matchCriteriaId": "19E0BE43-463C-4181-B391-BF4365B85B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:1.34:*:*:*:*:*:*:*",
"matchCriteriaId": "DAA2A9CD-697A-448B-BC5B-1B5C62EAC8F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:1.35:*:*:*:*:*:*:*",
"matchCriteriaId": "557535DF-E017-4B5D-BF31-108842792600",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bc-java:1.36:*:*:*:*:*:*:*",
"matchCriteriaId": "AF066A80-84B8-40FF-9A48-D72D5475DEEA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A91B639-B1FE-4794-845C-31D614B6EB2A",
"versionEndIncluding": "1.35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AEE7175F-DC6C-4555-B9E0-0FCA0B86B826",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "E6019D20-B7C5-45E9-80A9-EF6A484E2307",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "F74E7270-0289-4967-A291-5A03053CB68A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.03:*:*:*:*:*:*:*",
"matchCriteriaId": "BA120555-B228-471C-B00A-01F2D5144FD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AA3B4F44-B349-43A3-801F-38FCB53838E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.04:*:*:*:*:*:*:*",
"matchCriteriaId": "A06BA9F6-30E4-4141-A995-A0F63ABF9D25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.05:*:*:*:*:*:*:*",
"matchCriteriaId": "DD5FEAE4-3792-4778-A199-CAEA59A66068",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.06:*:*:*:*:*:*:*",
"matchCriteriaId": "1FB8FAE6-C6DA-456C-839D-A241493F54D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.07:*:*:*:*:*:*:*",
"matchCriteriaId": "85BDABE2-E5A5-453C-B1EF-66EA5001191B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.08:*:*:*:*:*:*:*",
"matchCriteriaId": "083BB632-3482-4D99-9515-7D3969FA5577",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "79EB74F9-E4A0-4C3F-9CCC-2157A8DD7EDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "80AE1A3C-4A65-4C49-9C92-B196AF6EBFD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "B43C3258-E651-4595-83D0-1E370DA2A969",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "15899226-AE31-49B3-9C66-78E85FC4B628",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.14:*:*:*:*:*:*:*",
"matchCriteriaId": "A0221377-D94B-4FAD-BAC9-C7179A4D355D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.15:*:*:*:*:*:*:*",
"matchCriteriaId": "B2EA98CD-0647-4C0C-B33B-55EEC218D69A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "8CC3C505-D136-4218-88E4-A89DE05E372D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.17:*:*:*:*:*:*:*",
"matchCriteriaId": "3D3DB77B-8E44-4A11-97C8-F4736C40EA72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "35DB68BA-906A-4B58-B93B-59E237A2DFB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.19:*:*:*:*:*:*:*",
"matchCriteriaId": "423494D6-B192-4182-8B6E-AD6BB8E0DED9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "D05202FC-AC0B-4F66-BEBA-E8C1D650D9A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "E9BE90FD-346A-4E1C-A768-333000ACE323",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "393BCDA6-ED42-4173-8022-2CD1487EF004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.23:*:*:*:*:*:*:*",
"matchCriteriaId": "5F8237FE-937B-41AD-AB1B-8331FF409550",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.24:*:*:*:*:*:*:*",
"matchCriteriaId": "9333C3E7-0050-4AB5-83FC-E683CCCAF614",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.25:*:*:*:*:*:*:*",
"matchCriteriaId": "45EACB03-5B75-49D4-A24D-4117045BBE53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.26:*:*:*:*:*:*:*",
"matchCriteriaId": "7483646A-B9B4-4D14-BF02-900A1405F1FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.27:*:*:*:*:*:*:*",
"matchCriteriaId": "D7BE8753-AA5A-4B71-96C4-D0F30F0FDF04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.28:*:*:*:*:*:*:*",
"matchCriteriaId": "A8967308-CB4F-47AB-8761-A8AC27247D17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.29:*:*:*:*:*:*:*",
"matchCriteriaId": "46FD4731-2314-465F-B9D7-CC907EC8CE42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.30:*:*:*:*:*:*:*",
"matchCriteriaId": "5E50EB43-2389-4D6C-BAFA-2B024F521FAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.32:*:*:*:*:*:*:*",
"matchCriteriaId": "D8FBEB87-300E-4245-867D-3CC79163B941",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.33:*:*:*:*:*:*:*",
"matchCriteriaId": "E48550BA-18A0-4682-9F83-71B8294FEC4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bouncycastle:bouncy-castle-crypto-package:1.34:*:*:*:*:*:*:*",
"matchCriteriaId": "B462DAC1-4037-468F-897B-05CDFAFA4DB3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to \"a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes.\""
},
{
"lang": "es",
"value": "La Legi\u00f3n de la API de Bouncy Castle Java Cryptography anterior a versi\u00f3n 1.38, como es usada en Crypto Provider Package anterior a versi\u00f3n 1.36, presenta un impacto desconocido y vectores de ataque remoto relacionados con \"a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes\"."
}
],
"id": "CVE-2007-6721",
"lastModified": "2025-05-12T17:37:16.527",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-03-30T01:30:00.217",
"references": [
{
"source": "cve@mitre.org",
"url": "http://freshmeat.net/projects/bouncycastlecryptoapi/releases/265580"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.bouncycastle.org/csharp/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.bouncycastle.org/devmailarchive/msg08195.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.bouncycastle.org/releasenotes.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/50358"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/50359"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/50360"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://freshmeat.net/projects/bouncycastlecryptoapi/releases/265580"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.bouncycastle.org/csharp/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.bouncycastle.org/devmailarchive/msg08195.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.bouncycastle.org/releasenotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/50358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/50359"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/50360"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}