Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6721

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2007-6721
Last Modified 15 Nov 2012 10:52:42
Published 29 Mar 2009 09:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-6721

Summary

The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes."

Vulnerable Systems

Application

  • Bouncycastle Bouncy-castle-crypto-package 1.0

  • Bouncycastle Bouncy-castle-crypto-package 1.01

  • Bouncycastle Bouncy-castle-crypto-package 1.02

  • Bouncycastle Bouncy-castle-crypto-package 1.03

  • Bouncycastle Bouncy-castle-crypto-package 1.04

  • Bouncycastle Bouncy-castle-crypto-package 1.05

  • Bouncycastle Bouncy-castle-crypto-package 1.06

  • Bouncycastle Bouncy-castle-crypto-package 1.07

  • Bouncycastle Bouncy-castle-crypto-package 1.08

  • Bouncycastle Bouncy-castle-crypto-package 1.09

  • Bouncycastle Bouncy-castle-crypto-package 1.11

  • Bouncycastle Bouncy-castle-crypto-package 1.12

  • Bouncycastle Bouncy-castle-crypto-package 1.13

  • Bouncycastle Bouncy-castle-crypto-package 1.14

  • Bouncycastle Bouncy-castle-crypto-package 1.15

  • Bouncycastle Bouncy-castle-crypto-package 1.16

  • Bouncycastle Bouncy-castle-crypto-package 1.17

  • Bouncycastle Bouncy-castle-crypto-package 1.18

  • Bouncycastle Bouncy-castle-crypto-package 1.19

  • Bouncycastle Bouncy-castle-crypto-package 1.20

  • Bouncycastle Bouncy-castle-crypto-package 1.21

  • Bouncycastle Bouncy-castle-crypto-package 1.22

  • Bouncycastle Bouncy-castle-crypto-package 1.23

  • Bouncycastle Bouncy-castle-crypto-package 1.24

  • Bouncycastle Bouncy-castle-crypto-package 1.25

  • Bouncycastle Bouncy-castle-crypto-package 1.26

  • Bouncycastle Bouncy-castle-crypto-package 1.27

  • Bouncycastle Bouncy-castle-crypto-package 1.28

  • Bouncycastle Bouncy-castle-crypto-package 1.29

  • Bouncycastle Bouncy-castle-crypto-package 1.3.1

  • Bouncycastle Bouncy-castle-crypto-package 1.30

  • Bouncycastle Bouncy-castle-crypto-package 1.32

  • Bouncycastle Bouncy-castle-crypto-package 1.33

  • Bouncycastle Bouncy-castle-crypto-package 1.34

  • Bouncycastle Bouncy-castle-crypto-package 1.35

  • Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.01

  • Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.02

  • Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.03

  • Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.04

  • Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.05

  • Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.06

  • Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.07

  • Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.08

  • Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.09

  • Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.10

  • Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.11

  • Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.12

  • Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.13

  • Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.14

  • Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.15

  • Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.16

  • Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.17

  • Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.18

  • Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.19

  • Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.20

  • Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.21

  • Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.22

  • Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.23

  • Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.24

  • Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.25

  • Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.26

  • Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.27

  • Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.28

  • Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.29

  • Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.30

  • Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.31

  • Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.32

  • Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.33

  • Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.34

  • Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.35

  • Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.36

  • Bouncycastle Legion-of-the-bouncy-castle-java-crytography-api 1.37


References

MLIST - [dev-crypto] 20071109 Bouncy Castle Crypto Provider Package version 1.36 now available

CONFIRM - http://www.bouncycastle.org/csharp/

OSVDB - 50360

OSVDB - 50359

OSVDB - 50358

CONFIRM - http://www.bouncycastle.org/releasenotes.html

CONFIRM - http://freshmeat.net/projects/bouncycastlecryptoapi/releases/265580


Last Updated: 27 May 2016 10:46:36