CVE-2015-0226
Summary
| CVE | CVE-2015-0226 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-10-30 14:29:00 UTC |
| Updated | 2019-07-23 23:15:00 UTC |
| Description | Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-2487. |
Risk And Classification
Problem Types: CWE-327
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Apache | Wss4j | 2.0 | beta | All | All |
| Application | Apache | Wss4j | 2.0.0 | All | All | All |
| Application | Apache | Wss4j | 2.0.0 | rc1 | All | All |
| Application | Apache | Wss4j | 2.0.1 | All | All | All |
| Application | Apache | Wss4j | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| Oracle Critical Patch Update - July 2019 | MISC | www.oracle.com | |
| Apache WSS4J CVE-2015-0226 Information Disclosure Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| ws.apache.org/wss4j/advisories/CVE-2015-0226.txt.asc | CONFIRM | ws.apache.org | Issue Tracking, Vendor Advisory |
| Document Display - HPE Support Center | CONFIRM | support.hpe.com | |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | REDHAT | access.redhat.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.