Home > Vulnerability Database > CVE-2015-0226

Mend.io Vulnerability Database

CVE-2015-0226

Good to know:

Date: October 30, 2017

Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-2487.

Language: Java

Severity Score

7.5

Related Resources (17)

Url: http://rhn.redhat.com/errata/RHSA-2015-1177.html

Url: https://ws.apache.org/wss4j/advisories/CVE-2015-0226.txt.asc

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-0226

Url: http://www.securityfocus.com/bid/72553

Url: https://access.redhat.com/errata/RHSA-2016:1376

Url: https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03900en_us

Url: https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Url: http://rhn.redhat.com/errata/RHSA-2015-0846.html

Url: https://svn.apache.org/viewvc?view=revision&revision=1621329

Url: https://github.com/apache/ws-wss4j/commit/de5104b30ddde5fe7388ad57e1c5ace5c5509924

Url: http://rhn.redhat.com/errata/RHSA-2015-0848.html

Url: https://github.com/apache/ws-wss4j

Url: https://github.com/apache/ws-wss4j/commit/970b3e3756e2c75bf2379ce198365e1a7168c3c3

Url: http://rhn.redhat.com/errata/RHSA-2015-0849.html

Url: http://rhn.redhat.com/errata/RHSA-2015-1176.html

Url: http://rhn.redhat.com/errata/RHSA-2015-0847.html

Url: https://www.mend.io/vulnerability-database/CVE-2015-0226

Severity Score

7.5

Weakness Type (CWE)

Use of a Broken or Risky Cryptographic Algorithm

CWE-327

Top Fix

Upgrade Version

Upgrade to version 1.6.17,2.0.2

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2015-0226

Good to know:

Date: October 30, 2017

Language: Java

Severity Score

Related Resources (17)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?