VYPR
Moderate severityNVD Advisory· Published Feb 12, 2015· Updated Jun 17, 2026

CVE-2015-0227

CVE-2015-0227

Description

Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to "wrapping attacks."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.ws.security:wss4jMaven
< 1.6.171.6.17
org.apache.ws.security:wss4jMaven
>= 2.0.0, < 2.022.02
wss4j:wss4jMaven
< 1.6.171.6.17

Affected products

6
  • Apache/Wss4j4 versions
    cpe:2.3:a:apache:wss4j:*:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:apache:wss4j:*:*:*:*:*:*:*:*range: <=1.6.16
    • cpe:2.3:a:apache:wss4j:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:apache:wss4j:2.0.0:rc1:*:*:*:*:*:*
    • cpe:2.3:a:apache:wss4j:2.0.1:*:*:*:*:*:*:*
  • ghsa-coords2 versions
    < 1.6.17+ 1 more
    • (no CPE)range: < 1.6.17
    • (no CPE)range: < 1.6.17

Patches

Vulnerability mechanics

References

14

News mentions

0

No linked articles in our index yet.