Apache WSS4J is prone to an information-disclosure vulnerability.
Successfully exploiting this issue can allow an attacker to obtain sensitive information that may aid in launching further attacks.
Attackers can use readily available tools to exploit this issue.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Bugtraq ID: 72553
Class: Design Error
CVE: CVE-2015-0226
Remote: Yes
Local: No
Published: Feb 10 2015 12:00AM
Updated: Jul 17 2019 05:00AM
Credit: The vendor reported this issue.
Vulnerable:
- Redhat JBoss Fuse 6.1.0
- Redhat JBoss Enterprise Application Platform 6.3
- Redhat JBoss A-MQ 6.1.0
- Oracle PeopleSoft Enterprise PeopleTools 8.57
- Oracle PeopleSoft Enterprise PeopleTools 8.56
- Oracle PeopleSoft Enterprise PeopleTools 8.55
- IBM WebSphere Application Server Liberty Profile 8.5.5.5
- IBM WebSphere Application Server Liberty Profile 8.5.5.4
- IBM WebSphere Application Server Liberty Profile 8.5.5.3
- IBM WebSphere Application Server Liberty Profile 8.5.5.2
- IBM WebSphere Application Server Liberty Profile 8.5.5.1
- IBM WebSphere Application Server Liberty Profile 8.5
- IBM Care management 6.0
- IBM Cúram Social Program Management 6.0.5
- IBM Cúram Social Program Management 6.0.4
- IBM Cúram Social Program Management 6.1
- IBM Cúram Social Program Management 6.0 SP2
- IBM Cúram Social Program Management 5.2 SP6
- Apache Wss4j 1.6.14
- Apache Wss4j 2.0.1
- Apache Wss4j 1.6.16
- Apache Wss4j 1.6.15
- Apache Wss4j 1.6.13
- Apache Wss4j 1.6.12
- Apache Wss4j 1.6.11
- Apache Wss4j 1.6.10
Not Vulnerable:
- Redhat JBoss Fuse 6.2
- Redhat JBoss Enterprise Application Platform 6.4
- Redhat JBoss A-MQ 6.2
- IBM WebSphere Application Server Liberty Profile 8.5.5.6
- Apache Wss4j 2.0.2
- Apache Wss4j 1.6.17
References:
- Apache WSS4J Homepage (The Apache Software Foundation)
- CVE-2015-0226: Apache WSS4J is (still) vulnerable to Bleichenbacher's attack (The Apache Software Foundation)
- Important: Red Hat JBoss A-MQ 6.2.0 update (Red Hat)
- Important: Red Hat JBoss Fuse 6.2.0 update (Red Hat)
- Oracle Critical Patch Update Advisory - July 2019 (Oracle)
- RHSA-2015-0849 (Red Hat)
- swg21959083: Security Bulletin: Multiple Security Vulnerabilities fixed in IBM W (IBM)
- swg21964133: Vulnerabilities in WSS4J affects IBM Cúram (CVE-2015-0226 & CVE-201 (IBM)
from SecurityFocus Vulnerabilities https://ift.tt/2zmHE5E