Download
Abstract
Obtain sensitive information with Apache WSS4J CVE-2015-0226
Download Description
PI36866 resolves the following problem:
ERROR DESCRIPTION:
Obtain sensitive information with web services Apache WSS4J CVE-2015-0226
LOCAL FIX:
PROBLEM SUMMARY:
Obtain sensitive information with web services Apache WSS4J CVE-2015-0226.
PROBLEM CONCLUSION:
Apache WSS4J could allow a remote attacker to obtain sensitive information, caused by Bleichenbacher's attack on XML Encryption. By sending a specially-crafted message, an attacker could exploit this vulnerability to decrypt the key and obtain sensitive information.
The fix for this APAR is currently targeted for inclusion in fix pack 8.5.5.6.
Prerequisites
None
Installation Instructions
Please review the readme.txt for detailed installation instructions.
Technical Support
Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).
Problems (APARS) fixed
Was this topic helpful?
Document Information
Modified date:
15 June 2018
UID
swg24040191