CVE-2007-6721

high

Description

The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes."

References

http://www.osvdb.org/50360

http://www.osvdb.org/50359

http://www.osvdb.org/50358

http://www.bouncycastle.org/releasenotes.html

http://www.bouncycastle.org/devmailarchive/msg08195.html

http://www.bouncycastle.org/csharp/

http://freshmeat.net/projects/bouncycastlecryptoapi/releases/265580

Details

Source: Mitre, NVD

Published: 2009-03-30

Updated: 2026-04-23

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Severity: High

EPSS

EPSS: 0.00789