Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-0227

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2015-0227
Last Modified 09 Jul 2015 09:59:09
Published 12 Feb 2015 11:59:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-0227

Summary

Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to "wrapping attacks."

Vulnerable Systems

Application

  • Apache Wss4j 1.6.16

  • Apache Wss4j 2.0.0

  • Apache Wss4j 2.0.1


References

CONFIRM - http://ws.apache.org/wss4j/advisories/CVE-2015-0227.txt.asc

BID - 72557

XF - apache-wss4j-sec-bypass(100837)

REDHAT - RHSA-2015:0773

REDHAT - RHSA-2015:0849

REDHAT - RHSA-2015:0848

REDHAT - RHSA-2015:0847

REDHAT - RHSA-2015:0846

REDHAT - RHSA-2015:1177

REDHAT - RHSA-2015:1176


Last Updated: 27 May 2016 11:09:10