CVE-2015-0226 in PeopleSoft Enterprise PeopleToolsinformación

Resumen (Inglés)

Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-2487.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservar

2014-11-18

Divulgación

2017-10-30

Estado

Confirmado

Voces

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilidadCWEExpConCVE
138103Oracle PeopleSoft Enterprise PeopleTools Apache WSS4J cifrado débil327No está definidoArreglo oficialCVE-2015-0226
108794Apache WSS4J Incomplete Fix Leak cifrado débil327No está definidoArreglo oficialCVE-2015-0226

Descripción

CPE

CWE

CVSS

Hazañas

Historia

Diferencia

Relacionar

Inteligencia de amenazas

API JSON

API XML

API CSV

Fuentes

AnteriorVisión De ConjuntoPróximo

Do you know our Splunk app?

Download it now for free!