CVE-2007-6721

CWE-20310 documents8 sources

Severity

10.0CRITICAL

EPSS

0.9%

top 25.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Bouncycastle Bc-java Bouncycastle Bouncy-castle-crypto-package

Timeline

PublishedMar 30

Latest updateMay 1

Description

The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages6 packages

▶NVDbouncycastle/bouncy-castle-crypto-package1.35+34

▶NVDbouncycastle/bc-java1.37+36

▶Mavenbouncycastle:bcprov-jdk14< 1.38

▶Mavenbouncycastle:bcprov-jdk15< 1.38

▶Mavenbouncycastle:bcprov-jdk16< 1.38

Patches

Patch: www.bouncycastle.org ↗Patch: www.bouncycastle.org ↗Patch: www.bouncycastle.org ↗

🔴Vulnerability Details

OSV

Legion of the Bouncy Castle Java Cryptography API Bleichenbacher Oracle Vulnerability↗2022-05-01

▶

GHSA

Legion of the Bouncy Castle Java Cryptography API Bleichenbacher Oracle Vulnerability↗2022-05-01

▶

OSV

CVE-2007-6721: The Legion of the Bouncy Castle Java Cryptography API before release 1↗2009-03-30

▶

CVEList

CVE-2007-6721: The Legion of the Bouncy Castle Java Cryptography API before release 1↗2009-03-30

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Office 2007 - BIFFRecord Length Use-After-Free↗2015-09-16

▶

Exploit-DB

Microsoft Office 2007 - OLESSDirectyEntry.CreateTime Type Confusion↗2015-09-16

▶

📋Vendor Advisories

Red Hat

bouncycastle: unknown vulnerability in simple RSA CMS signatures↗2007-11-07

▶

Debian

CVE-2007-6721: bouncycastle - The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as us...↗2007

▶

💬Community

Bugzilla

CVE-2007-6721 bouncycastle: unknown vulnerability in simple RSA CMS signatures↗2009-04-03

▶