CVE-2015-0226

Impact:
Important
Public Date:
2015-02-10
CWE:
CWE-327
Bugzilla:
1191446: CVE-2015-0226 wss4j: Apache WSS4J is vulnerable to Bleichenbacher's attack (incomplete fix for CVE-2011-2487)
It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption (CVE-2011-2487) threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote attacker to recover the entire plain text form of a symmetric key.

Find out more about CVE-2015-0226 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score 7.8
Base Metrics AV:N/AC:L/Au:N/C:C/I:N/A:N
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Complete
Integrity Impact None
Availability Impact None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat JBoss Portal 6.2 RHSA-2015:1009 2015-05-14
Red Hat JBoss A-MQ 6.2 RHSA-2015:1177 2015-06-23
Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server RHSA-2015:0847 2015-04-16
Red Hat JBoss Fuse 6.2 RHSA-2015:1176 2015-06-23
Red Hat JBoss Enterprise Application Platform 6.4 RHSA-2015:0849 2015-04-16
Red Hat JBoss Enterprise Application Platform 6.3 for RHEL 7 Server RHSA-2015:0848 2015-04-16
Red Hat JBoss SOA Platform 5.3 RHSA-2016:1376 2016-06-30
Red Hat JBoss Data Grid 6.4 RHSA-2015:0773 2015-04-01
Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server RHSA-2015:0846 2015-04-16

Affected Packages State

Platform Package State
Red Hat OpenShift Enterprise 2 wss4j Affected
Red Hat JBoss Operations Network 3 wss4j Affected
Red Hat JBoss Operations Network 2 wss4j Not affected
Red Hat JBoss Fuse Service Works 6 wss4j Affected
Red Hat JBoss Enterprise SOA Platform 4 wss4j Not affected
Red Hat JBoss Data Virtualization 6 wss4j Affected
Red Hat JBoss BRMS 6 wss4j Affected
Red Hat JBoss BRMS 5 wss4j Affected

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact Red Hat Product Security.

Last Modified
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.