CVE-2007-6721 - Unspecified vulnerability in Bouncycastle products
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
bouncycastle
nessus
Summary
The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes."
Vulnerable Configurations
Nessus
NASL family | Web Servers |
NASL id | OPENSSL_0_9_7K_0_9_8C.NASL |
description | According to its banner, the remote server is running a version of OpenSSL that is earlier than 0.9.7k or 0.9.8c. These versions do not properly verify PKCS #1 v1.5 signatures and X509 certificates when the RSA exponent is 3. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 17756 |
published | 2012-01-04 |
reporter | This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/17756 |
title | OpenSSL < 0.9.7k / 0.9.8c PKCS Padding RSA Signature Forgery Vulnerability |
References
- http://freshmeat.net/projects/bouncycastlecryptoapi/releases/265580
- http://www.bouncycastle.org/csharp/
- http://www.bouncycastle.org/devmailarchive/msg08195.html
- http://www.bouncycastle.org/releasenotes.html
- http://www.osvdb.org/50358
- http://www.osvdb.org/50359
- http://www.osvdb.org/50360