exploit the possibilities
Showing 1 - 8 of 8 RSS Feed

CVE-2015-0226

Status Candidate

Overview

Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-2487.

Related Files

Red Hat Security Advisory 2016-1376-01
Posted Jun 30, 2016
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2016-1376-01 - Red Hat JBoss SOA Platform is the next-generation ESB and business process automation infrastructure. Red Hat JBoss SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. Security Fix: It was found that JGroups did not require necessary headers for encrypt and auth protocols from new nodes joining the cluster. An attacker could use this flaw to bypass security restrictions, and use this vulnerability to send and receive messages within the cluster, leading to information disclosure, message spoofing, or further possible attacks.

tags | advisory, spoof, protocol, info disclosure
systems | linux, redhat
advisories | CVE-2015-0226, CVE-2015-0254, CVE-2015-3253, CVE-2016-2141, CVE-2016-2510
MD5 | 19d549e2bf200ce1007cbd7889159a9f
Red Hat Security Advisory 2015-1177-01
Posted Jun 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1177-01 - Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards-compliant messaging system that is tailored for use in mission critical applications. Red Hat JBoss A-MQ 6.2.0 is a minor product release that updates Red Hat JBoss A-MQ 6.1.0 and includes several bug fixes and enhancements.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-3577, CVE-2014-8175, CVE-2015-0226, CVE-2015-0227, CVE-2015-1796
MD5 | 530b5e4cdc4f5e774d306ca7be2a36d5
Red Hat Security Advisory 2015-1176-01
Posted Jun 23, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1176-01 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. The following security fixes are addressed in this release: It was found that async-http-client would disable SSL/TLS certificate verification under certain conditions, for example if HTTPS communication also used client certificates. A man-in-the-middle attacker could use this flaw to spoof a valid certificate. It was found that async-http-client did not verify that the server hostname matched the domain name in the subject's Common Name or subjectAltName field in X.509 certificates. This could allow a man-in-the-middle attacker to spoof an SSL server if they had a certificate that was valid for any domain name.

tags | advisory, web, spoof
systems | linux, redhat
advisories | CVE-2013-7397, CVE-2013-7398, CVE-2014-0363, CVE-2014-0364, CVE-2014-3577, CVE-2014-4651, CVE-2014-5075, CVE-2014-8175, CVE-2015-0226, CVE-2015-0227, CVE-2015-1796
MD5 | 5d72436e8fed1f5efcea4f419d078ae6
Red Hat Security Advisory 2015-0849-01
Posted Apr 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0849-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote attacker to recover the entire plain text form of a symmetric key. A flaw was found in the way PicketLink's Service Provider and Identity Provider handled certain requests. A remote attacker could use this flaw to log to a victim's account via PicketLink.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2014-3570, CVE-2014-3586, CVE-2014-8111, CVE-2015-0204, CVE-2015-0226, CVE-2015-0227, CVE-2015-0277
MD5 | 0148b68e6197a1a1a33e9a91233e1ad3
Red Hat Security Advisory 2015-0846-01
Posted Apr 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0846-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote attacker to recover the entire plain text form of a symmetric key. It was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2014-3586, CVE-2014-8111, CVE-2015-0226, CVE-2015-0227, CVE-2015-0277
MD5 | 49e5181768690f11ea136329bd3da6ff
Red Hat Security Advisory 2015-0848-01
Posted Apr 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0848-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote attacker to recover the entire plain text form of a symmetric key. A flaw was found in the way PicketLink's Service Provider and Identity Provider handled certain requests. A remote attacker could use this flaw to log to a victim's account via PicketLink.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2014-3586, CVE-2014-8111, CVE-2015-0226, CVE-2015-0227, CVE-2015-0277
MD5 | f5a99a1766d57bf2a375733af6fc47f7
Red Hat Security Advisory 2015-0847-01
Posted Apr 17, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0847-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote attacker to recover the entire plain text form of a symmetric key. It was found that Apache WSS4J permitted bypass of the requireSignedEncryptedDataElements configuration property via XML Signature wrapping attacks. A remote attacker could use this flaw to modify the contents of a signed request.

tags | advisory, java, remote
systems | linux, redhat
advisories | CVE-2014-3586, CVE-2014-8111, CVE-2015-0226, CVE-2015-0227, CVE-2015-0277
MD5 | 6658f0d803a2a57a456e99a171ea082d
Red Hat Security Advisory 2015-0773-01
Posted Apr 1, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0773-01 - Red Hat JBoss Data Grid is a distributed in-memory data grid, based on Infinispan. This release of Red Hat JBoss Data Grid 6.4.1 serves as a replacement for Red Hat JBoss Data Grid 6.4.0. It includes various bug fixes and enhancements, which are detailed in the Red Hat JBoss Data Grid 6.4.1 Release Notes.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-4002, CVE-2014-7839, CVE-2014-8122, CVE-2015-0226, CVE-2015-0227
MD5 | 646ee5a7987f6753fcf916a00ee9a84c
Page 1 of 1
Back1Next

File Archive:

May 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    16 Files
  • 2
    May 2nd
    8 Files
  • 3
    May 3rd
    8 Files
  • 4
    May 4th
    2 Files
  • 5
    May 5th
    1 Files
  • 6
    May 6th
    15 Files
  • 7
    May 7th
    22 Files
  • 8
    May 8th
    16 Files
  • 9
    May 9th
    17 Files
  • 10
    May 10th
    16 Files
  • 11
    May 11th
    3 Files
  • 12
    May 12th
    4 Files
  • 13
    May 13th
    25 Files
  • 14
    May 14th
    24 Files
  • 15
    May 15th
    78 Files
  • 16
    May 16th
    16 Files
  • 17
    May 17th
    16 Files
  • 18
    May 18th
    2 Files
  • 19
    May 19th
    1 Files
  • 20
    May 20th
    11 Files
  • 21
    May 21st
    21 Files
  • 22
    May 22nd
    20 Files
  • 23
    May 23rd
    36 Files
  • 24
    May 24th
    2 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close