Apache WSS4J Configuration Bypass Vulnerability
CVE-2015-0227

Currently unrated

Key Information:

Vendor

Apache
Status
Wss4j
Vendor
CVE Published:
12 February 2015

What is CVE-2015-0227?

Apache WSS4J versions prior to 1.6.17 and 2.x before 2.0.2 are affected by a vulnerability that allows remote attackers to bypass the requireSignedEncryptedDataElements setting. This occurs through specific vectors associated with wrapping attacks, enabling malicious actors to manipulate SOAP messages without proper security controls. Users of vulnerable versions should consider upgrading to mitigate potential risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://rhn.redhat.com/errata/RHSA-2015-0773.html
vendor-advisoryx_refsource_REDHAT
https://exchange.xforce.ibmcloud.com/vulnerabilities/100837
vdb-entryx_refsource_XF
http://rhn.redhat.com/errata/RHSA-2015-0849.html
vendor-advisoryx_refsource_REDHAT

EPSS Score

13% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.