VulnerableCode Package Details - pkg:maven/wss4j/wss4j@1.5.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-5spn-5yfr-hkeh Aliases: CVE-2011-2487 GHSA-4qqf-hmv6-r6wh	Use of a Broken or Risky Cryptographic Algorithm The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.	1.6.5 Affected by 0 other vulnerabilities.
VCID-cnmd-pk6j-fuae Aliases: CVE-2015-0227 GHSA-6r5v-hp32-fjqw	Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to "wrapping attacks."	1.6.17 Affected by 0 other vulnerabilities.
VCID-wmr9-j6fm-pbap Aliases: CVE-2014-3623 GHSA-99v3-9x35-c5vf	Improper security semantics enforcement of SAML SubjectConfirmation methods This package when using `TransportBinding`, does not properly enforce the SAML `SubjectConfirmation` method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors.	1.6.17 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-5spn-5yfr-hkeh
Aliases:
CVE-2011-2487
GHSA-4qqf-hmv6-r6wh

Use of a Broken or Risky Cryptographic Algorithm The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.

1.6.5
Affected by 0 other vulnerabilities.

VCID-cnmd-pk6j-fuae
Aliases:
CVE-2015-0227
GHSA-6r5v-hp32-fjqw

Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to "wrapping attacks."

1.6.17
Affected by 0 other vulnerabilities.

VCID-wmr9-j6fm-pbap
Aliases:
CVE-2014-3623
GHSA-99v3-9x35-c5vf

Improper security semantics enforcement of SAML SubjectConfirmation methods This package when using `TransportBinding`, does not properly enforce the SAML `SubjectConfirmation` method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors.

1.6.17
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-19T15:30:03.366780+00:00	GitLab Importer	Affected by	VCID-cnmd-pk6j-fuae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/wss4j/wss4j/CVE-2015-0227.yml	38.4.0
2026-04-19T15:24:50.502059+00:00	GitLab Importer	Affected by	VCID-5spn-5yfr-hkeh	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/wss4j/wss4j/CVE-2011-2487.yml	38.4.0
2026-04-16T20:31:58.697837+00:00	GitLab Importer	Affected by	VCID-wmr9-j6fm-pbap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/wss4j/wss4j/CVE-2014-3623.yml	38.4.0
2026-04-11T21:42:21.854388+00:00	GitLab Importer	Affected by	VCID-wmr9-j6fm-pbap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/wss4j/wss4j/CVE-2014-3623.yml	38.3.0
2026-04-02T21:56:31.115953+00:00	GitLab Importer	Affected by	VCID-wmr9-j6fm-pbap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/wss4j/wss4j/CVE-2014-3623.yml	38.1.0
2026-04-01T16:13:41.063647+00:00	GitLab Importer	Affected by	VCID-wmr9-j6fm-pbap	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/wss4j/wss4j/CVE-2014-3623.yml	38.0.0