7.5

CVE-2015-0226

EPSS 4.62%
Published 30.10.2017 14:29:00
Last modified 20.04.2025 01:37:25
Source secalert@redhat.com
Teams watchlist Login
Open Login

Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-2487.

Affected products Warnungen 0 Metrics 3 CWE 1 References 14

Data is provided by the National Vulnerability Database (NVD)

Apache ≫ Wss4j Version <= 1.6.16

Apache ≫ Wss4j Version2.0 Updatebeta

Apache ≫ Wss4j Version2.0.0

Apache ≫ Wss4j Version2.0.0 Updaterc1

Apache ≫ Wss4j Version2.0.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	4.62%	0.888

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

http://rhn.redhat.com/errata/RHSA-2015-1176.html

http://rhn.redhat.com/errata/RHSA-2015-1177.html

http://rhn.redhat.com/errata/RHSA-2015-0849.html

http://rhn.redhat.com/errata/RHSA-2015-0846.html

http://rhn.redhat.com/errata/RHSA-2015-0847.html

http://rhn.redhat.com/errata/RHSA-2015-0848.html

https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03900en_us

https://access.redhat.com/errata/RHSA-2016:1376

http://www.securityfocus.com/bid/72553

Third Party Advisory

VDB Entry

https://ws.apache.org/wss4j/advisories/CVE-2015-0226.txt.asc

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2015-0226

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-0226

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-0226

EUVD