CVE-2015-0227

Currently unrated

Key Information:

Vendor: Apache
Status: Wss4j
Vendor: CVE Published:; 12 February 2015

Summary

Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to "wrapping attacks."

References

http://rhn.redhat.com/errata/RHSA-2015-0773.html

vendor-advisoryx_refsource_REDHAT

https://exchange.xforce.ibmcloud.com/vulnerabilities/100837

vdb-entryx_refsource_XF

http://rhn.redhat.com/errata/RHSA-2015-0849.html

vendor-advisoryx_refsource_REDHAT

Timeline

Vulnerability published
Feb 12, 2015
Vulnerability Reserved
Nov 18, 2014