5 matches found
EUVD-2026-36210
Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, protections against replay of UsernameToken nonces and creation timestamps, Timestamp elements, and certain SAML one-time-use semantics could be...
CVE-2026-40994 Wss4jSecurityInterceptor disables WS-I BSP validation by default
Wss4jSecurityInterceptor initialized its BSP WS-I Basic Security Profile compliance flag so that inbound validation disabled WSS4J BSP enforcement on RequestData. Services that validate WS-Security on the network could therefore accept messages that violate BSP rules, weakening protocol-level...
CVE-2026-40994
Summary: CVE-2026-40994 affects Spring Web Services where Wss4jSecurityInterceptor initializes its BSP flag to disable BSP enforcement on inbound data, weakening protocol-level WS-Security checks. Affected versions: Spring Web Services 5.0.0–5.0.1; 4.1.0–4.1.3; 4.0.0–4.0.18; 3.1.0–3.1.8. Impact (...
VMware Spring Web Services 安全漏洞
VMware Spring Web Services is a SOAP Web services development framework provided by the American company VMware. There are security vulnerabilities in versions 5.0.0 to 5.0.1, 4.1.0 to 4.1.3, 4.0.0 to 4.0.18, and 3.1.0 to 3.1.8 of VMware Spring Web Services. These vulnerabilities stem from the...
Replay Attack
Overview Affected versions of this package are vulnerable to Replay Attack due to the Wss4jSecurityInterceptor class in Wss4jSecurityInterceptor.java not consistently wiring configured Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, replay protections...