Lucene search

MitreCVE-2007-6721

HistoryMar 30, 2009 - 1:30 a.m.

CVE-2007-6721

2009-03-3001:30:00

mitre

web.nvd.nist.gov

legion of the bouncy castle

java cryptography

api

bleichenbacher vulnerability

rsa cms

nvd

cve-2007-6721

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.2

Confidence

High

EPSS

0.006

Percentile

78.9%

JSON

The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to “a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes.”

Affected configurations

Nvd

Node

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiRange≤1.37

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.01

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.02

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.03

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.04

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.05

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.06

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.07

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.08

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.09

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.10

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.11

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.12

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.13

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.14

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.15

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.16

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.17

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.18

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.19

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.20

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.21

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.22

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.23

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.24

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.25

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.26

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.27

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.28

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.29

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.30

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.31

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.32

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.33

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.34

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.35

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.36

AND

bouncycastlebouncy-castle-crypto-packageRange≤1.35

bouncycastlebouncy-castle-crypto-packageMatch1.0

bouncycastlebouncy-castle-crypto-packageMatch1.01

bouncycastlebouncy-castle-crypto-packageMatch1.02

bouncycastlebouncy-castle-crypto-packageMatch1.03

bouncycastlebouncy-castle-crypto-packageMatch1.3.1

bouncycastlebouncy-castle-crypto-packageMatch1.04

bouncycastlebouncy-castle-crypto-packageMatch1.05

bouncycastlebouncy-castle-crypto-packageMatch1.06

bouncycastlebouncy-castle-crypto-packageMatch1.07

bouncycastlebouncy-castle-crypto-packageMatch1.08

bouncycastlebouncy-castle-crypto-packageMatch1.09

bouncycastlebouncy-castle-crypto-packageMatch1.11

bouncycastlebouncy-castle-crypto-packageMatch1.12

bouncycastlebouncy-castle-crypto-packageMatch1.13

bouncycastlebouncy-castle-crypto-packageMatch1.14

bouncycastlebouncy-castle-crypto-packageMatch1.15

bouncycastlebouncy-castle-crypto-packageMatch1.16

bouncycastlebouncy-castle-crypto-packageMatch1.17

bouncycastlebouncy-castle-crypto-packageMatch1.18

bouncycastlebouncy-castle-crypto-packageMatch1.19

bouncycastlebouncy-castle-crypto-packageMatch1.20

bouncycastlebouncy-castle-crypto-packageMatch1.21

bouncycastlebouncy-castle-crypto-packageMatch1.22

bouncycastlebouncy-castle-crypto-packageMatch1.23

bouncycastlebouncy-castle-crypto-packageMatch1.24

bouncycastlebouncy-castle-crypto-packageMatch1.25

bouncycastlebouncy-castle-crypto-packageMatch1.26

bouncycastlebouncy-castle-crypto-packageMatch1.27

bouncycastlebouncy-castle-crypto-packageMatch1.28

bouncycastlebouncy-castle-crypto-packageMatch1.29

bouncycastlebouncy-castle-crypto-packageMatch1.30

bouncycastlebouncy-castle-crypto-packageMatch1.32

bouncycastlebouncy-castle-crypto-packageMatch1.33

bouncycastlebouncy-castle-crypto-packageMatch1.34

VendorProductVersionCPE
bouncycastlelegion-of-the-bouncy-castle-java-crytography-api*cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:*:*:*:*:*:*:*:*
bouncycastlelegion-of-the-bouncy-castle-java-crytography-api1.01cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.01:*:*:*:*:*:*:*
bouncycastlelegion-of-the-bouncy-castle-java-crytography-api1.02cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.02:*:*:*:*:*:*:*
bouncycastlelegion-of-the-bouncy-castle-java-crytography-api1.03cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.03:*:*:*:*:*:*:*
bouncycastlelegion-of-the-bouncy-castle-java-crytography-api1.04cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.04:*:*:*:*:*:*:*
bouncycastlelegion-of-the-bouncy-castle-java-crytography-api1.05cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.05:*:*:*:*:*:*:*
bouncycastlelegion-of-the-bouncy-castle-java-crytography-api1.06cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.06:*:*:*:*:*:*:*
bouncycastlelegion-of-the-bouncy-castle-java-crytography-api1.07cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.07:*:*:*:*:*:*:*
bouncycastlelegion-of-the-bouncy-castle-java-crytography-api1.08cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.08:*:*:*:*:*:*:*
bouncycastlelegion-of-the-bouncy-castle-java-crytography-api1.09cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.09:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bouncycastle	legion-of-the-bouncy-castle-java-crytography-api	*	cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api::::::::
bouncycastle	legion-of-the-bouncy-castle-java-crytography-api	1.01	cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.01:::::::*
bouncycastle	legion-of-the-bouncy-castle-java-crytography-api	1.02	cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.02:::::::*
bouncycastle	legion-of-the-bouncy-castle-java-crytography-api	1.03	cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.03:::::::*
bouncycastle	legion-of-the-bouncy-castle-java-crytography-api	1.04	cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.04:::::::*
bouncycastle	legion-of-the-bouncy-castle-java-crytography-api	1.05	cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.05:::::::*
bouncycastle	legion-of-the-bouncy-castle-java-crytography-api	1.06	cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.06:::::::*
bouncycastle	legion-of-the-bouncy-castle-java-crytography-api	1.07	cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.07:::::::*
bouncycastle	legion-of-the-bouncy-castle-java-crytography-api	1.08	cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.08:::::::*
bouncycastle	legion-of-the-bouncy-castle-java-crytography-api	1.09	cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.09:::::::*