CVE-2015-0227
published 2015-02-12CVE-2015-0227: Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to…
medium5CVSS 3.1
AVNACLAuNCNIPAN
Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to "wrapping attacks."
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tomcat | — | — |
| apache | wss4j | <= 1.6.16 | — |
| apache | wss4j | — | — |
| apache | wss4j | — | — |
| apache | wss4j | >= 0 < 1.6.15-2 | 1.6.15-2 |
| apache | wss4j | >= 0 < 1.6.15-2 | 1.6.15-2 |
| apache | wss4j | >= 0 < 1.6.15-2 | 1.6.15-2 |
| apache | wss4j | >= 0 < 1.6.15-2 | 1.6.15-2 |
| debian | wss4j | < wss4j 1.6.15-2 (bookworm) | wss4j 1.6.15-2 (bookworm) |
CVSS provenance
nvd5.0MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N
osv5.0MEDIUM