7.5

CVE-2015-0226

EPSS 4.62%
Veröffentlicht 30.10.2017 14:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-2487.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apache ≫ Wss4j Version <= 1.6.16

Apache ≫ Wss4j Version2.0 Updatebeta

Apache ≫ Wss4j Version2.0.0

Apache ≫ Wss4j Version2.0.0 Updaterc1

Apache ≫ Wss4j Version2.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	4.62%	0.888

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

http://rhn.redhat.com/errata/RHSA-2015-1176.html

http://rhn.redhat.com/errata/RHSA-2015-1177.html

http://rhn.redhat.com/errata/RHSA-2015-0849.html

http://rhn.redhat.com/errata/RHSA-2015-0846.html

http://rhn.redhat.com/errata/RHSA-2015-0847.html

http://rhn.redhat.com/errata/RHSA-2015-0848.html

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03900en_us

https://access.redhat.com/errata/RHSA-2016:1376

http://www.securityfocus.com/bid/72553

Third Party Advisory

VDB Entry

https://ws.apache.org/wss4j/advisories/CVE-2015-0226.txt.asc

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2015-0226

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-0226

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-0226

EUVD