Lucene search
K

4 matches found

OSV
OSV
added 2022/05/14 2:57 a.m.3 views

GHSA-6R5V-HP32-FJQW Improper Access Control in Apache WSS4J

Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to "wrapping attacks."...

5CVSS6.9AI score0.07543EPSS
Exploits0References12
RedHat Linux
RedHat Linux
added 2015/04/16 4:26 p.m.4 views

wss4j: Apache WSS4J doesn't correctly enforce the requireSignedEncryptedDataElements property

It was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request...

5CVSS6.7AI score0.07543EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/04/16 4:17 p.m.6 views

wss4j: Apache WSS4J doesn't correctly enforce the requireSignedEncryptedDataElements property

It was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request...

5CVSS6.7AI score0.07543EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/04/16 3:39 p.m.5 views

wss4j: Apache WSS4J doesn't correctly enforce the requireSignedEncryptedDataElements property

It was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request...

5CVSS6.7AI score0.07543EPSS
Exploits0References4
Rows per page
Query Builder