[prev in list] [next in list] [prev in thread] [next in thread]
List: ws-general
Subject: Two new security advisories released for Apache WSS4J
From: Colm O hEigeartaigh <coheigea () apache ! org>
Date: 2015-02-10 11:41:37
Message-ID: CAB8XdGBJuywczWKQz5otQH4kgu2kEGtOxgZNpA5-2hy4f0ySeA () mail ! gmail ! com
[Download RAW message or body]
Two new security advisories have been released for Apache WSS4J:
1) CVE-2015-0226: Apache WSS4J is (still) vulnerable to Bleichenbacher's
attack
http://ws.apache.org/wss4j/advisories/CVE-2015-0226.txt.asc
2) CVE-2015-0227: Apache WSS4J doesn't correctly enforce the
requireSignedEncryptedDataElements property
http://ws.apache.org/wss4j/advisories/CVE-2015-0227.txt.asc
Please note that both of these advisories were fixed in WSS4J 2.0.2 and
1.6.17, both of which were released last year.
Colm.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
[Attachment #3 (text/html)]
<div dir="ltr"><div>Two new security advisories have been released for Apache \
WSS4J:<br><br>1) CVE-2015-0226: Apache WSS4J is (still) vulnerable to \
Bleichenbacher's attack<br><br><a \
href="http://ws.apache.org/wss4j/advisories/CVE-2015-0226.txt.asc">http://ws.apache.org/wss4j/advisories/CVE-2015-0226.txt.asc</a><br><br>2) \
CVE-2015-0227: Apache WSS4J doesn't correctly enforce the \
requireSignedEncryptedDataElements property<br><br><a \
href="http://ws.apache.org/wss4j/advisories/CVE-2015-0227.txt.asc">http://ws.apache.org/wss4j/advisories/CVE-2015-0227.txt.asc</a><br><br></div>Please \
note that both of these advisories were fixed in WSS4J 2.0.2 and 1.6.17, both of \
which were released last year. <br><br>Colm.<br><div><div><div><br clear="all"><br>-- \
<br><div class="gmail_signature">Colm O hEigeartaigh<br><br>Talend Community \
Coder<br><a href="http://coders.talend.com" \
target="_blank">http://coders.talend.com</a><br></div></div></div></div></div>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic