It's possible to spoof signature of PKCS #1 v1.5 RSA key with exponent 3.
vulners.com/securityvulns/securityvulns:doc:14146
vulners.com/securityvulns/securityvulns:doc:14292
vulners.com/securityvulns/securityvulns:doc:14313
vulners.com/securityvulns/securityvulns:doc:14485
vulners.com/securityvulns/securityvulns:doc:14920