CVE-2007-6721
Legion of the Bouncy Castle Java Cryptography API Bleichenbacher Oracle Vulnerability
EPSS 0.86%
Description
The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes."
How to fix CVE-2007-6721
To remediate CVE-2007-6721, upgrade the affected package to the fixed version listed for it below.
- Debian/bouncycastle—upgrade to 1.38-1 or later
- Maven/bouncycastle:bcprov-jdk14—upgrade to 1.38 or later
- —upgrade to 1.38 or later
- —upgrade to 1.38 or later
Is CVE-2007-6721 being exploited?
Low — EPSS is 0.9%, meaning exploitation activity has not been observed at scale.
Affected packages (4)
- from 0, < 1.38-1
- from 0, < 1.38
- from 0, < 1.38
- from 0, < 1.38