Lucene search
GitHub Advisory DatabaseGHSA-M26P-M559-G5J5HistoryMay 01, 2022 - 6:45 p.m.
Legion of the Bouncy Castle Java Cryptography API Bleichenbacher Oracle Vulnerability
2022-05-0118:45:52
CWE-203
GitHub Advisory Database
github.com
10
java cryptography api
bleichenbacher vulnerability
rsa cms signatures
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
0.006
Percentile
78.9%
The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to “a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes.”
Affected configurations
Node
bouncycastlebcprov-jdk16Range<1.38
ORbouncycastlebcprov-jdk15Range<1.38
ORbouncycastlebcprov-jdk14Range<1.38
| Vendor | Product | Version | CPE |
|---|---|---|---|
| bouncycastle | bcprov-jdk16 | * | cpe:2.3:a:bouncycastle:bcprov-jdk16:*:*:*:*:*:*:*:* |
| bouncycastle | bcprov-jdk15 | * | cpe:2.3:a:bouncycastle:bcprov-jdk15:*:*:*:*:*:*:*:* |
| bouncycastle | bcprov-jdk14 | * | cpe:2.3:a:bouncycastle:bcprov-jdk14:*:*:*:*:*:*:*:* |
Related
prion
prion
Design/Logic Flaw
2009-03-30 01:30:00
debiancve
debiancve
CVE-2007-6721
2009-03-30 01:30:00
osv
osv
nvd
nvd
CVE-2007-6721
2009-03-30 01:30:00
veracode
veracode
ROBOT Attack
2019-03-25 08:40:43
cvelist
cvelist
CVE-2007-6721
2009-03-30 01:00:00
cve
cve
CVE-2007-6721
2009-03-30 01:30:00
nessus
nessus
OpenSSL < 0.9.7k / 0.9.8c PKCS Padding RSA Signature Forgery Vulnerability
2012-01-04 00:00:00
CVSS2
10
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
0.006
Percentile
78.9%
Related for GHSA-M26P-M559-G5J5