CVE-2011-2487

Use of a Broken or Risky Cryptographic Algorithm in maven/org.apache.ws.security/wss4j

Identifiers

GHSA-4qqf-hmv6-r6wh, CVE-2011-2487

Package Slug

maven/org.apache.ws.security/wss4j

Vulnerability

Use of a Broken or Risky Cryptographic Algorithm

Description

The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.

Affected Versions

All versions before 1.6.5

Solution

Upgrade to version 1.6.5 or above.

Last Modified

2022-07-26

source