← Back

CVE-2015-0226

nvd nist
Published: Oct 30, 2017Modified: May 13, 2026

JSON object

Loading...
7.5
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-2487.

Affected (5)

Products: Apache: Wss4j
Apache
1 product
Wss4j
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Apache
Wss4j
Up to 1.6.16
Wss4j
Version 2.0.0
Wss4j
Version 2.0.0 rc1
Wss4j
Version 2.0.1
Wss4j
Version 2.0 beta

Related CWEs

CWE-327
Use of a Broken or Risky Cryptographic Algorithm
The product uses a broken or risky cryptographic algorithm or protocol.

References (22)

Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Third Party AdvisoryVDB Entry
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Issue TrackingVendor Advisory
Source: secalert@redhat.com
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.