PT-2017-6437 · Apache · Apache Wss4J

Christian Mainka

+2

·

Publicado

2017-10-30

·

Atualizado

2022-05-14

·

CVE-2015-0226

CVSS v3.1

7.5

Alta

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Apache WSS4J versions prior to 1.6.17 Apache WSS4J versions 2.0.x prior to 2.0.2
Description The issue allows remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages, due to improper information leakage about decryption failures when decrypting an encrypted key or message data.
Recommendations For Apache WSS4J versions prior to 1.6.17, update to version 1.6.17 or later. For Apache WSS4J versions 2.0.x prior to 2.0.2, update to version 2.0.2 or later.

Correção

Use of a Broken Cryptographic Algorithm

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-327

Identificadores relacionados

CVE-2015-0226
GHSA-VJWC-5HFH-2VV5
RHSA-2015:0846
RHSA-2015:0847
RHSA-2015:0848

Produtos afetados

Apache Wss4J