CVE-2007-6721
EPSS 0.86%Legion of the Bouncy Castle Java Cryptography API Bleichenbacher Oracle Vulnerability
發布日:2022/5/1修改日:2023/11/8
描述
The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes."
受影響套件(4)
- Debian/bouncycastlefrom 0, < 1.38-1
- Maven/bouncycastle:bcprov-jdk14from 0, < 1.38
- Maven/bouncycastle:bcprov-jdk15from 0, < 1.38
- Maven/bouncycastle:bcprov-jdk16from 0, < 1.38
參考連結(6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2007-6721
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2007-6721
- PATCHhttps://github.com/bcgit/bc-java
- WEBhttps://web.archive.org/web/20071022023551/http://www.bouncycastle.org/csharp
- WEBhttps://web.archive.org/web/20080316202318/http://www.bouncycastle.org:80/releasenotes.html
- WEBhttp://www.bouncycastle.org/devmailarchive/msg08195.html