PT-2009-1169 · Bouncy Castle · Bouncy Castle Java Cryptography Api+1
Published
2009-03-30
·
Updated
2025-05-12
·
CVE-2007-6721
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Bouncy Castle Java Cryptography API versions prior to 1.38
Crypto Provider Package versions prior to 1.36
Description
The issue is related to a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes, which has unknown impact and remote attack vectors.
Recommendations
For Bouncy Castle Java Cryptography API versions prior to 1.38, update to version 1.38 or later.
For Crypto Provider Package versions prior to 1.36, update to version 1.36 or later.
Fix
Side Channel Attack
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bouncy Castle Java Cryptography Api
Crypto Provider Package