| -----BEGIN PGP SIGNED MESSAGE----- |
| Hash: SHA1 |
| |
| CVE-2015-0226: Apache WSS4J is (still) vulnerable to Bleichenbacher's attack |
| |
| Severity: Major |
| |
| Vendor: The Apache Software Foundation |
| |
| Versions Affected: |
| |
| This vulnerability affects all versions of Apache WSS4J prior to 1.6.17 and |
| 2.0.2. |
| |
| Description: |
| |
| Apache WSS4J 1.6.5 contained a countermeasure for Bleichenbacher's attack on |
| XML Encryption, where the PKCS#1 v1.5 Key Transport Algorithm is used to |
| encrypt symmetric keys as part of WS-Security. In particular, the fix avoided |
| leaking information on whether decryption failed when decrypting the encrypted |
| key or decrypting the message data. |
| |
| However, it is still possible to craft a message such that an attacker can tell |
| where the decryption failure took place, and hence WSS4J is vulnerable to the |
| original attack. |
| |
| See here for more information on the original fix for WSS4J 1.6.5: |
| |
| http://cxf.apache.org/note-on-cve-2011-2487.html |
| |
| This has been fixed in revision: |
| |
| http://svn.apache.org/viewvc?view=revision&revision=1621329 |
| |
| Migration: |
| |
| WSS4J 1.6.x users should upgrade to 1.6.17 or later as soon as possible. |
| WSS4J 2.0.x users should upgrade to 2.0.2 or later as soon as possible. |
| |
| References: http://ws.apache.org/wss4j/security_advisories.html |
| |
| Acknowledgments: Dennis Kupser, Christian Mainka, Juraj Somorovsky (Ruhr |
| University Bochum) |
| -----BEGIN PGP SIGNATURE----- |
| Version: GnuPG v1 |
| |
| -----END PGP SIGNATURE----- |
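
The Description above turns on whether a caller can tell a key-decryption failure from a data-decryption failure. The following added example (not WSS4J code and not part of the advisory) contrasts a handler that exposes that distinction with one that hides it by falling back to a random session key. The class, method and fault names are hypothetical, and AES-GCM is assumed as the data cipher for the demonstration.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.*;

// Added illustration: class, method and fault names are hypothetical, not WSS4J's API.
public class UniformDecryptFault {
    static final SecureRandom RNG = new SecureRandom();
    static byte[] rsa(int mode, Key key, byte[] in) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding"); // PKCS#1 v1.5 key transport
        c.init(mode, key);
        return c.doFinal(in);
    }
    static byte[] aes(int mode, byte[] k, byte[] iv, byte[] in) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding"); // data cipher assumed for the demo
        c.init(mode, new SecretKeySpec(k, "AES"), new GCMParameterSpec(128, iv));
        return c.doFinal(in);
    }

    // Leaky: the fault text names the stage that rejected the message.
    static String leaky(PrivateKey priv, byte[] encKey, byte[] iv, byte[] data) {
        byte[] k;
        try { k = rsa(Cipher.DECRYPT_MODE, priv, encKey); }
        catch (GeneralSecurityException e) { return "FAULT: key decryption failed"; }
        try { return new String(aes(Cipher.DECRYPT_MODE, k, iv, data), StandardCharsets.UTF_8); }
        catch (GeneralSecurityException | IllegalArgumentException e) { return "FAULT: data decryption failed"; }
    }

    // Hardened: a failed unwrap falls back to a random key, so only one generic fault exists.
    static String hardened(PrivateKey priv, byte[] encKey, byte[] iv, byte[] data) {
        byte[] k = new byte[16];
        RNG.nextBytes(k);
        try {
            byte[] unwrapped = rsa(Cipher.DECRYPT_MODE, priv, encKey);
            if (unwrapped.length == k.length) k = unwrapped;
        } catch (GeneralSecurityException e) { /* keep the random key */ }
        try { return new String(aes(Cipher.DECRYPT_MODE, k, iv, data), StandardCharsets.UTF_8); }
        catch (GeneralSecurityException e) { return "FAULT: decryption failed"; }
    }

    public static void main(String[] args) throws Exception {
        KeyPair kp = KeyPairGenerator.getInstance("RSA").generateKeyPair();
        byte[] k = new byte[16], iv = new byte[12];
        RNG.nextBytes(k); RNG.nextBytes(iv);
        byte[] data = aes(Cipher.ENCRYPT_MODE, k, iv, "<Body>ok</Body>".getBytes(StandardCharsets.UTF_8));
        byte[] badKey = rsa(Cipher.ENCRYPT_MODE, kp.getPublic(), k);
        badKey[badKey.length - 1] ^= 1; // constructed input: corrupted encrypted key
        System.out.println(leaky(kp.getPrivate(), badKey, iv, data) + " | " + hardened(kp.getPrivate(), badKey, iv, data));
    }
}
```

With the corrupted key, the leaky handler almost always reports the key stage while the hardened handler returns only the generic fault. Any later processing error has to map to that same fault as well, and the remedy the advisory gives remains upgrading to 1.6.17 or 2.0.2.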