Описание
Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to "wrapping attacks."
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.6.16 (включая)
Одно из
cpe:2.3:a:apache:wss4j:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:wss4j:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:wss4j:2.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:apache:wss4j:2.0.1:*:*:*:*:*:*:*
EPSS
Процентиль: 94%
0.13872
Средний
5 Medium
CVSS2
Дефекты
CWE-264
Связанные уязвимости
ubuntu
почти 11 лет назад
Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to "wrapping attacks."
redhat
почти 11 лет назад
Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to "wrapping attacks."
debian
почти 11 лет назад
Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attacker ...
EPSS
Процентиль: 94%
0.13872
Средний
5 Medium
CVSS2
Дефекты
CWE-264