- EPSS 16.4%
- Published 10.03.2021 08:15:14
- Last modified 21.11.2024 05:02:11
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to u...
CVE-2011-2487
- EPSS 0.14%
- Published 11.03.2020 16:15:11
- Last modified 21.11.2024 01:28:23
The implementations of the PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 are susceptible to a Bleichenbacher attack.
CVE-2015-0226
- EPSS 4.62%
- Published 30.10.2017 14:29:00
- Last modified 20.04.2025 01:37:25
Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via...
- EPSS 10.4%
- Published 12.02.2015 16:59:02
- Last modified 12.04.2025 10:46:40
Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via vectors related to "wrapping attacks."
- EPSS 2.49%
- Published 30.10.2014 14:55:07
- Last modified 12.04.2025 10:46:40
Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote atta...