Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.apache.ws.security/wss4j@1.6.9
purl pkg:maven/org.apache.ws.security/wss4j@1.6.9
Next non-vulnerable version 1.6.17
Latest non-vulnerable version 1.6.17
Risk 4.0
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-6cjx-y4ey-e3b6
Aliases:
CVE-2015-0226
GHSA-vjwc-5hfh-2vv5
Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-2487.
1.6.17
Affected by 0 other vulnerabilities.
VCID-cnmd-pk6j-fuae
Aliases:
CVE-2015-0227
GHSA-6r5v-hp32-fjqw
Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to "wrapping attacks."
1.6.17
Affected by 0 other vulnerabilities.
2.02
Affected by 0 other vulnerabilities.
VCID-wmr9-j6fm-pbap
Aliases:
CVE-2014-3623
GHSA-99v3-9x35-c5vf
Improper security semantics enforcement of SAML SubjectConfirmation methods This package when using `TransportBinding`, does not properly enforce the SAML `SubjectConfirmation` method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors.
1.6.17
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-11T23:07:37.260461+00:00 GitLab Importer Affected by VCID-6cjx-y4ey-e3b6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.ws.security/wss4j/CVE-2015-0226.yml 38.3.0
2026-04-11T23:07:20.017340+00:00 GitLab Importer Affected by VCID-cnmd-pk6j-fuae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.ws.security/wss4j/CVE-2015-0227.yml 38.3.0
2026-04-11T21:42:21.541342+00:00 GitLab Importer Affected by VCID-wmr9-j6fm-pbap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.ws.security/wss4j/CVE-2014-3623.yml 38.3.0
2026-04-02T23:15:56.360199+00:00 GitLab Importer Affected by VCID-6cjx-y4ey-e3b6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.ws.security/wss4j/CVE-2015-0226.yml 38.1.0
2026-04-02T23:15:33.033338+00:00 GitLab Importer Affected by VCID-cnmd-pk6j-fuae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.ws.security/wss4j/CVE-2015-0227.yml 38.1.0
2026-04-02T21:56:30.797784+00:00 GitLab Importer Affected by VCID-wmr9-j6fm-pbap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.ws.security/wss4j/CVE-2014-3623.yml 38.1.0
2026-04-01T17:36:00.256893+00:00 GitLab Importer Affected by VCID-6cjx-y4ey-e3b6 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.ws.security/wss4j/CVE-2015-0226.yml 38.0.0
2026-04-01T17:35:34.832617+00:00 GitLab Importer Affected by VCID-cnmd-pk6j-fuae https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.ws.security/wss4j/CVE-2015-0227.yml 38.0.0
2026-04-01T16:13:40.708461+00:00 GitLab Importer Affected by VCID-wmr9-j6fm-pbap https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.ws.security/wss4j/CVE-2014-3623.yml 38.0.0