High severity7.5NVD Advisory· Published Oct 30, 2017· Updated May 13, 2026

CVE-2015-0226

Description

Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-2487.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.apache.ws.security:wss4jMaven	< 1.6.17	1.6.17
org.apache.wss4j:wss4j-ws-security-domMaven	>= 2.0.0, < 2.0.2	2.0.2

Affected products

Apache/Wss4j5 versions
cpe:2.3:a:apache:wss4j:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:apache:wss4j:*:*:*:*:*:*:*:*range: <=1.6.16
- cpe:2.3:a:apache:wss4j:2.0:beta:*:*:*:*:*:*
- cpe:2.3:a:apache:wss4j:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:wss4j:2.0.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:apache:wss4j:2.0.1:*:*:*:*:*:*:*

Patches

970b3e3756e2

Some changes to random key generation

https://github.com/apache/ws-wss4jColm O hEigeartaighAug 29, 2014via ghsa

commit

1 file changed · +12 −3

src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java+12 −3 modified

@@ -19,6 +19,7 @@
 
 package org.apache.ws.security.processor;
 
+import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 import java.security.spec.MGF1ParameterSpec;
@@ -212,7 +213,7 @@ public List<WSSecurityEngineResult> handleToken(
     private static byte[] getRandomKey(List<String> dataRefURIs, Document doc, WSDocInfo wsDocInfo) throws WSSecurityException {
         try {
             String alg = "AES";
-            int size = 128;
+            int size = 16;
             if (!dataRefURIs.isEmpty()) {
                 String uri = dataRefURIs.iterator().next();
                 Element ee = ReferenceListProcessor.findEncryptedDataElement(doc, wsDocInfo, uri);
@@ -224,8 +225,16 @@ private static byte[] getRandomKey(List<String> dataRefURIs, Document doc, WSDoc
             kgen.init(size * 8);
             SecretKey k = kgen.generateKey();
             return k.getEncoded();
-        } catch (Exception ex) {
-            throw new WSSecurityException(WSSecurityException.FAILED_CHECK, null, null, ex);
+        } catch (Throwable ex) {
+            // Fallback to just using AES to avoid attacks on EncryptedData algorithms
+            try {
+                KeyGenerator kgen = KeyGenerator.getInstance("AES");
+                kgen.init(128);
+                SecretKey k = kgen.generateKey();
+                return k.getEncoded();
+            } catch (NoSuchAlgorithmException e) {
+                throw new WSSecurityException(WSSecurityException.FAILED_CHECK, null, null, e);
+            }
         }
     }

de5104b30ddd

[CVE-2015-0226] Some changes to random key generation

https://github.com/apache/ws-wss4jColm O hEigeartaighAug 29, 2014via ghsa

commit

1 file changed · +12 −3

ws-security-dom/src/main/java/org/apache/wss4j/dom/processor/EncryptedKeyProcessor.java+12 −3 modified

@@ -19,6 +19,7 @@
 
 package org.apache.wss4j.dom.processor;
 
+import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 import java.security.spec.MGF1ParameterSpec;
@@ -244,7 +245,7 @@ public List<WSSecurityEngineResult> handleToken(
     private static byte[] getRandomKey(List<String> dataRefURIs, Document doc, WSDocInfo wsDocInfo) throws WSSecurityException {
         try {
             String alg = "AES";
-            int size = 128;
+            int size = 16;
             if (!dataRefURIs.isEmpty()) {
                 String uri = dataRefURIs.iterator().next();
                 Element ee = ReferenceListProcessor.findEncryptedDataElement(doc, wsDocInfo, uri);
@@ -256,8 +257,16 @@ private static byte[] getRandomKey(List<String> dataRefURIs, Document doc, WSDoc
             kgen.init(size * 8);
             SecretKey k = kgen.generateKey();
             return k.getEncoded();
-        } catch (Exception ex) {
-            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, ex);
+        } catch (Throwable ex) {
+            // Fallback to just using AES to avoid attacks on EncryptedData algorithms
+            try {
+                KeyGenerator kgen = KeyGenerator.getInstance("AES");
+                kgen.init(128);
+                SecretKey k = kgen.generateKey();
+                return k.getEncoded();
+            } catch (NoSuchAlgorithmException e) {
+                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e);
+            }
         }
     }

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

www.securityfocus.com/bid/72553nvdThird Party AdvisoryVDB Entry
github.com/advisories/GHSA-vjwc-5hfh-2vv5ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2015-0226ghsaADVISORY
ws.apache.org/wss4j/advisories/CVE-2015-0226.txt.ascnvdIssue TrackingVendor AdvisoryWEB
rhn.redhat.com/errata/RHSA-2015-0846.htmlnvdWEB
rhn.redhat.com/errata/RHSA-2015-0847.htmlnvdWEB
rhn.redhat.com/errata/RHSA-2015-0848.htmlnvdWEB
rhn.redhat.com/errata/RHSA-2015-0849.htmlnvdWEB
rhn.redhat.com/errata/RHSA-2015-1176.htmlnvdWEB
rhn.redhat.com/errata/RHSA-2015-1177.htmlnvdWEB
access.redhat.com/errata/RHSA-2016:1376nvdWEB
github.com/apache/ws-wss4j/commit/970b3e3756e2c75bf2379ce198365e1a7168c3c3ghsaWEB
github.com/apache/ws-wss4j/commit/de5104b30ddde5fe7388ad57e1c5ace5c5509924ghsaWEB
support.hpe.com/hpsc/doc/public/displaynvdWEB
svn.apache.org/viewvcghsaWEB
www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlnvdWEB

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.004
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000