CVE-2015-0227

Опубликовано: 12 фев. 2015

Источник: debian

EPSS Средний

Описание

Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to "wrapping attacks."

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
wss4j	fixed	1.6.15-2		package
wss4j	not-affected		wheezy	package
wss4j	not-affected		squeeze	package

EPSS

Процентиль: 94%

0.13872

Средний

Связанные уязвимости

CVE-2015-0227

ubuntu

почти 11 лет назад

Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to "wrapping attacks."

CVE-2015-0227

redhat

почти 11 лет назад

Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to "wrapping attacks."

CVE-2015-0227

nvd

почти 11 лет назад

Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to "wrapping attacks."

GHSA-6r5v-hp32-fjqw

github

больше 3 лет назад

Improper Access Control in Apache WSS4J

EPSS

Процентиль: 94%

0.13872

Средний