CVE-2015-0226 in PeopleSoft Enterprise PeopleToolsinfo

Summary

Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-2487.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

11/18/2014

Disclosure

10/30/2017

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
138103	Oracle PeopleSoft Enterprise PeopleTools Apache WSS4J risky encryption	327	Not defined	Official fix	CVE-2015-0226
108794	Apache WSS4J Incomplete Fix Leak risky encryption	327	Not defined	Official fix	CVE-2015-0226

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

◂ PreviousOverviewNext ▸