CVE-2015-0227

CVSS v2.0 5 (Medium)

EPSS 0.17 % (54^th)

Affected Products 1

Advisories 1

Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to "wrapping attacks."

Weaknesses

CWE-264: Permissions, Privileges, and Access Controls

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2015-02-12 16:59:02
(9 years ago)
Updated Date: 2018-10-04 10:29:01
(6 years ago)

Affected Products

Apache

Wss4j

Configuration #1

	CPE23	Up To
Apache Wss4j 1.6.16 and prior versions	cpe:2.3:a:apache:wss4j	<= 1.6.16
Apache Wss4j 2.0.0	cpe:2.3:a:apache:wss4j:2.0.0
Apache Wss4j 2.0.0 Rc1	cpe:2.3:a:apache:wss4j:2.0.0:rc1
Apache Wss4j 2.0.1	cpe:2.3:a:apache:wss4j:2.0.1