5 matches found
EUVD-2022-3343
Malicious code in bioql PyPI...
com.amazon.aes.webservices.client:ec2-java-client (=20080327), com.cybersource:cybersource-sdk-java (>=6.2.0 <=6.2.1) +83 more potentially affected by CVE-2011-2487 via wss4j:wss4j (>=1.5.0 <=1.5.1)
wss4j:wss4j MAVEN version =1.5.0, =6.2.0, =1.0.12, =9.00.2110.07.220316, =0.0.9, =0.0.3, =0.0.3, =0.0.3, =0.0.3, =0.3.0 - com.github.rapidark:rapid-ark-pretty =0.3.0 - com.github.rapidark:rapid-ark-pretty-demo =0.3.0 - com.github.rapidark:rapid-ark-pretty-demo-keeper =0.3.0 -...
wss4j: Apache WSS4J is vulnerable to Bleichenbacher's attack (incomplete fix for CVE-2011-2487)
It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption CVE-2011-2487 threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote...
wss4j: Apache WSS4J is vulnerable to Bleichenbacher's attack (incomplete fix for CVE-2011-2487)
It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption CVE-2011-2487 threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote...
CVE-2015-0227
Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via vectors related to "wrapping attacks."...