Lucene search

Wss4J Security Vulnerabilities - CVSS Score 5 - 6

cve

CVE-2011-2487

The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.

5.9CVSS

5.7AI Score

0.006EPSS

2020-03-11 04:15 PM

cve

CVE-2014-3623

Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF 2.7.x before 2.7.13 and 3.0.x before 3.0.2, when using TransportBinding, does not properly enforce the SAML SubjectConfirmation method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified...

6.5AI Score

0.004EPSS

2014-10-30 02:55 PM

cve

CVE-2015-0227

Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to "wrapping attacks."

6.2AI Score

0.002EPSS

2015-02-12 04:59 PM