CVE-2015-0227
12.02.2015, 16:59
Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to "wrapping attacks."Enginsight
Vendor | Product | Version |
---|---|---|
apache | wss4j | 𝑥 ≤ 1.6.16 |
apache | wss4j | 2.0.0 |
apache | wss4j | 2.0.0:rc1 |
apache | wss4j | 2.0.1 |
𝑥
= Vulnerable software versions

Debian Releases

Ubuntu Releases
Common Weakness Enumeration
References