CVE-2015-0226
Description
Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-2487.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
5.21
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2015-0227,CVE-2015-0226,CVE-2014-3623 are fixed in Apache-wss4j 1.6.17 | Windows |
| Vulnerabilities CVE-2015-0226,CVE-2014-3623 are fixed in Apache-wss4j-ws-security-dom 2.0.2 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.55 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.56 | Windows |
| Multiple vulnerabilities are affected in Oracle PeopleSoft Enterprise PeopleTools 8.57 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.1.0.3 | Windows |
| Multiple Vulnerabilities are affected in IBM Sterling B2B Integrator 6.0.3.4 | Windows |
| Vulnerabilities CVE-2015-0227,CVE-2015-0226,CVE-2014-3623 are fixed in Apache-wss4j for Linux 1.6.17 | Linux |
| Vulnerabilities CVE-2015-0226,CVE-2014-3623 are fixed in Apache-wss4j-ws-security-dom for Linux 2.0.2 | Linux |
| Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2015-0226) | NCM |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234