CVE-2007-6721
First published: Mon Mar 30 2009(Updated: )
The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes."
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/bouncycastle:bcprov-jdk16 | <1.38 | 1.38 |
| maven/bouncycastle:bcprov-jdk14 | <1.38 | 1.38 |
| Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | <=1.37 | |
| Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | =1.01 | |
| Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | =1.02 | |
| Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | =1.03 | |
| Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | =1.04 | |
| Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | =1.05 | |
| Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | =1.06 | |
| Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | =1.07 | |
| Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | =1.08 | |
| Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | =1.09 | |
| Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | =1.10 | |
| Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | =1.11 | |
| Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | =1.12 | |
| Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | =1.13 | |
| Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | =1.14 | |
| Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | =1.15 | |
| Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | =1.16 | |
| Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | =1.17 | |
| Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | =1.18 | |
| Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | =1.19 | |
| Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | =1.20 | |
| Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | =1.21 | |
| Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | =1.22 | |
| Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | =1.23 | |
| Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | =1.24 | |
| Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | =1.25 | |
| Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | =1.26 | |
| Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | =1.27 | |
| Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | =1.28 | |
| Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | =1.29 | |
| Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | =1.30 | |
| Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | =1.31 | |
| Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | =1.32 | |
| Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | =1.33 | |
| Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | =1.34 | |
| Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | =1.35 | |
| Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api | =1.36 | |
| Bouncycastle Bouncy-castle-crypto-package | <=1.35 | |
| Bouncycastle Bouncy-castle-crypto-package | =1.0 | |
| Bouncycastle Bouncy-castle-crypto-package | =1.01 | |
| Bouncycastle Bouncy-castle-crypto-package | =1.02 | |
| Bouncycastle Bouncy-castle-crypto-package | =1.03 | |
| Bouncycastle Bouncy-castle-crypto-package | =1.3.1 | |
| Bouncycastle Bouncy-castle-crypto-package | =1.04 | |
| Bouncycastle Bouncy-castle-crypto-package | =1.05 | |
| Bouncycastle Bouncy-castle-crypto-package | =1.06 | |
| Bouncycastle Bouncy-castle-crypto-package | =1.07 | |
| Bouncycastle Bouncy-castle-crypto-package | =1.08 | |
| Bouncycastle Bouncy-castle-crypto-package | =1.09 | |
| Bouncycastle Bouncy-castle-crypto-package | =1.11 | |
| Bouncycastle Bouncy-castle-crypto-package | =1.12 | |
| Bouncycastle Bouncy-castle-crypto-package | =1.13 | |
| Bouncycastle Bouncy-castle-crypto-package | =1.14 | |
| Bouncycastle Bouncy-castle-crypto-package | =1.15 | |
| Bouncycastle Bouncy-castle-crypto-package | =1.16 | |
| Bouncycastle Bouncy-castle-crypto-package | =1.17 | |
| Bouncycastle Bouncy-castle-crypto-package | =1.18 | |
| Bouncycastle Bouncy-castle-crypto-package | =1.19 | |
| Bouncycastle Bouncy-castle-crypto-package | =1.20 | |
| Bouncycastle Bouncy-castle-crypto-package | =1.21 | |
| Bouncycastle Bouncy-castle-crypto-package | =1.22 | |
| Bouncycastle Bouncy-castle-crypto-package | =1.23 | |
| Bouncycastle Bouncy-castle-crypto-package | =1.24 | |
| Bouncycastle Bouncy-castle-crypto-package | =1.25 | |
| Bouncycastle Bouncy-castle-crypto-package | =1.26 | |
| Bouncycastle Bouncy-castle-crypto-package | =1.27 | |
| Bouncycastle Bouncy-castle-crypto-package | =1.28 | |
| Bouncycastle Bouncy-castle-crypto-package | =1.29 | |
| Bouncycastle Bouncy-castle-crypto-package | =1.30 | |
| Bouncycastle Bouncy-castle-crypto-package | =1.32 | |
| Bouncycastle Bouncy-castle-crypto-package | =1.33 | |
| Bouncycastle Bouncy-castle-crypto-package | =1.34 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.osvdb.org/50360
- http://freshmeat.net/projects/bouncycastlecryptoapi/releases/265580
- http://www.bouncycastle.org/devmailarchive/msg08195.html
- http://www.osvdb.org/50358
- http://www.bouncycastle.org/csharp/
- http://www.osvdb.org/50359
- http://www.bouncycastle.org/releasenotes.html
- https://nvd.nist.gov/vuln/detail/CVE-2007-6721
- https://web.archive.org/web/20071022023551/http://www.bouncycastle.org/csharp/
- https://web.archive.org/web/20080316202318/http://www.bouncycastle.org:80/releasenotes.html
- https://github.com/advisories/GHSA-m26p-m559-g5j5 (Advisory)
- collector/nvd-historical
- collector/github-advisory-latest
- alias/GHSA-m26p-m559-g5j5
- alias/CVE-2007-6721
- collector/github-advisory
- collector/nvd-cve
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/type
- agent/event
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/references
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- package-manager/maven
- vendor/bouncycastle
- canonical/bouncycastle legion-of-the-bouncy-castle-java-crytography-api
- version/bouncycastle legion-of-the-bouncy-castle-java-crytography-api/1.37
- version/bouncycastle legion-of-the-bouncy-castle-java-crytography-api/1.01
- version/bouncycastle legion-of-the-bouncy-castle-java-crytography-api/1.02
- version/bouncycastle legion-of-the-bouncy-castle-java-crytography-api/1.03
- version/bouncycastle legion-of-the-bouncy-castle-java-crytography-api/1.04
- version/bouncycastle legion-of-the-bouncy-castle-java-crytography-api/1.05
- version/bouncycastle legion-of-the-bouncy-castle-java-crytography-api/1.06
- version/bouncycastle legion-of-the-bouncy-castle-java-crytography-api/1.07
- version/bouncycastle legion-of-the-bouncy-castle-java-crytography-api/1.08
- version/bouncycastle legion-of-the-bouncy-castle-java-crytography-api/1.09
- version/bouncycastle legion-of-the-bouncy-castle-java-crytography-api/1.10
- version/bouncycastle legion-of-the-bouncy-castle-java-crytography-api/1.11
- version/bouncycastle legion-of-the-bouncy-castle-java-crytography-api/1.12
- version/bouncycastle legion-of-the-bouncy-castle-java-crytography-api/1.13
- version/bouncycastle legion-of-the-bouncy-castle-java-crytography-api/1.14
- version/bouncycastle legion-of-the-bouncy-castle-java-crytography-api/1.15
- version/bouncycastle legion-of-the-bouncy-castle-java-crytography-api/1.16
- version/bouncycastle legion-of-the-bouncy-castle-java-crytography-api/1.17
- version/bouncycastle legion-of-the-bouncy-castle-java-crytography-api/1.18
- version/bouncycastle legion-of-the-bouncy-castle-java-crytography-api/1.19
- version/bouncycastle legion-of-the-bouncy-castle-java-crytography-api/1.20
- version/bouncycastle legion-of-the-bouncy-castle-java-crytography-api/1.21
- version/bouncycastle legion-of-the-bouncy-castle-java-crytography-api/1.22
- version/bouncycastle legion-of-the-bouncy-castle-java-crytography-api/1.23
- version/bouncycastle legion-of-the-bouncy-castle-java-crytography-api/1.24
- version/bouncycastle legion-of-the-bouncy-castle-java-crytography-api/1.25
- version/bouncycastle legion-of-the-bouncy-castle-java-crytography-api/1.26
- version/bouncycastle legion-of-the-bouncy-castle-java-crytography-api/1.27
- version/bouncycastle legion-of-the-bouncy-castle-java-crytography-api/1.28
- version/bouncycastle legion-of-the-bouncy-castle-java-crytography-api/1.29
- version/bouncycastle legion-of-the-bouncy-castle-java-crytography-api/1.30
- version/bouncycastle legion-of-the-bouncy-castle-java-crytography-api/1.31
- version/bouncycastle legion-of-the-bouncy-castle-java-crytography-api/1.32
- version/bouncycastle legion-of-the-bouncy-castle-java-crytography-api/1.33
- version/bouncycastle legion-of-the-bouncy-castle-java-crytography-api/1.34
- version/bouncycastle legion-of-the-bouncy-castle-java-crytography-api/1.35
- version/bouncycastle legion-of-the-bouncy-castle-java-crytography-api/1.36
- canonical/bouncycastle bouncy-castle-crypto-package
- version/bouncycastle bouncy-castle-crypto-package/1.35
- version/bouncycastle bouncy-castle-crypto-package/1.0
- version/bouncycastle bouncy-castle-crypto-package/1.01
- version/bouncycastle bouncy-castle-crypto-package/1.02
- version/bouncycastle bouncy-castle-crypto-package/1.03
- version/bouncycastle bouncy-castle-crypto-package/1.3.1
- version/bouncycastle bouncy-castle-crypto-package/1.04
- version/bouncycastle bouncy-castle-crypto-package/1.05
- version/bouncycastle bouncy-castle-crypto-package/1.06
- version/bouncycastle bouncy-castle-crypto-package/1.07
- version/bouncycastle bouncy-castle-crypto-package/1.08
- version/bouncycastle bouncy-castle-crypto-package/1.09
- version/bouncycastle bouncy-castle-crypto-package/1.11
- version/bouncycastle bouncy-castle-crypto-package/1.12
- version/bouncycastle bouncy-castle-crypto-package/1.13
- version/bouncycastle bouncy-castle-crypto-package/1.14
- version/bouncycastle bouncy-castle-crypto-package/1.15
- version/bouncycastle bouncy-castle-crypto-package/1.16
- version/bouncycastle bouncy-castle-crypto-package/1.17
- version/bouncycastle bouncy-castle-crypto-package/1.18
- version/bouncycastle bouncy-castle-crypto-package/1.19
- version/bouncycastle bouncy-castle-crypto-package/1.20
- version/bouncycastle bouncy-castle-crypto-package/1.21
- version/bouncycastle bouncy-castle-crypto-package/1.22
- version/bouncycastle bouncy-castle-crypto-package/1.23
- version/bouncycastle bouncy-castle-crypto-package/1.24
- version/bouncycastle bouncy-castle-crypto-package/1.25
- version/bouncycastle bouncy-castle-crypto-package/1.26
- version/bouncycastle bouncy-castle-crypto-package/1.27
- version/bouncycastle bouncy-castle-crypto-package/1.28
- version/bouncycastle bouncy-castle-crypto-package/1.29
- version/bouncycastle bouncy-castle-crypto-package/1.30
- version/bouncycastle bouncy-castle-crypto-package/1.32
- version/bouncycastle bouncy-castle-crypto-package/1.33
- version/bouncycastle bouncy-castle-crypto-package/1.34