- EPSS 10.88%
- Published 10.03.2021 08:15:14
- Last modified 21.11.2024 05:02:11
An attacker that is able to modify Velocity templates may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running the Servlet container. This applies to applications that allow untrusted users to u...
CVE-2011-2487
- EPSS 0.14%
- Published 11.03.2020 16:15:11
- Last modified 21.11.2024 01:28:23
The implementations of the PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 are susceptible to a Bleichenbacher attack.
CVE-2015-0226
- EPSS 4.62%
- Published 30.10.2017 14:29:00
- Last modified 20.04.2025 01:37:25
Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via...
- EPSS 17.74%
- Published 12.02.2015 16:59:02
- Last modified 12.04.2025 10:46:40
Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via vectors related to "wrapping attacks."
- EPSS 1.52%
- Published 30.10.2014 14:55:07
- Last modified 12.04.2025 10:46:40
Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote atta...