{"url":"http://public2.vulnerablecode.io/api/packages/20839?format=json","purl":"pkg:maven/org.apache.ws.security/wss4j@1.6.17","type":"maven","namespace":"org.apache.ws.security","name":"wss4j","version":"1.6.17","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15713?format=json","vulnerability_id":"VCID-6cjx-y4ey-e3b6","summary":"Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J\nApache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-2487.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0846.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0846.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0847.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0847.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0848.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0848.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0849.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0849.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1176.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1176.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1177.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1177.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1376","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2016:1376"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0226.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0226.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0226","reference_id":"","reference_type":"","scores":[{"value":"0.0521","scoring_system":"epss","scoring_elements":"0.89939","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0521","scoring_system":"epss","scoring_elements":"0.89896","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0521","scoring_system":"epss","scoring_elements":"0.89899","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0521","scoring_system":"epss","scoring_elements":"0.89912","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0521","scoring_system":"epss","scoring_elements":"0.89917","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0521","scoring_system":"epss","scoring_elements":"0.89934","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0521","scoring_system":"epss","scoring_elements":"0.8994","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0521","scoring_system":"epss","scoring_elements":"0.89948","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0521","scoring_system":"epss","scoring_elements":"0.89946","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0226","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0226"},{"reference_url":"https://github.com/apache/ws-wss4j","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/ws-wss4j"},{"reference_url":"https://github.com/apache/ws-wss4j/commit/970b3e3756e2c75bf2379ce198365e1a7168c3c3","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/ws-wss4j/commit/970b3e3756e2c75bf2379ce198365e1a7168c3c3"},{"reference_url":"https://github.com/apache/ws-wss4j/commit/de5104b30ddde5fe7388ad57e1c5ace5c5509924","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/ws-wss4j/commit/de5104b30ddde5fe7388ad57e1c5ace5c5509924"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03900en_us","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03900en_us"},{"reference_url":"https://svn.apache.org/viewvc?view=revision&revision=1621329","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://svn.apache.org/viewvc?view=revision&revision=1621329"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"http://www.securityfocus.com/bid/72553","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/72553"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191446","reference_id":"1191446","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191446"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777741","reference_id":"777741","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777741"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:wss4j:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:wss4j:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:wss4j:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:wss4j:2.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:wss4j:2.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:wss4j:2.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:wss4j:2.0.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:wss4j:2.0.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:wss4j:2.0.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:wss4j:2.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:wss4j:2.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:wss4j:2.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:wss4j:2.0:beta:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:wss4j:2.0:beta:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:wss4j:2.0:beta:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0226","reference_id":"CVE-2015-0226","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0226"},{"reference_url":"https://ws.apache.org/wss4j/advisories/CVE-2015-0226.txt.asc","reference_id":"CVE-2015-0226.TXT.ASC","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://ws.apache.org/wss4j/advisories/CVE-2015-0226.txt.asc"},{"reference_url":"https://github.com/advisories/GHSA-vjwc-5hfh-2vv5","reference_id":"GHSA-vjwc-5hfh-2vv5","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vjwc-5hfh-2vv5"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0773","reference_id":"RHSA-2015:0773","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0773"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0846","reference_id":"RHSA-2015:0846","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0846"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0847","reference_id":"RHSA-2015:0847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0848","reference_id":"RHSA-2015:0848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0849","reference_id":"RHSA-2015:0849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1176","reference_id":"RHSA-2015:1176","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1176"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1177","reference_id":"RHSA-2015:1177","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1177"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20839?format=json","purl":"pkg:maven/org.apache.ws.security/wss4j@1.6.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ws.security/wss4j@1.6.17"}],"aliases":["CVE-2015-0226","GHSA-vjwc-5hfh-2vv5"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6cjx-y4ey-e3b6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4982?format=json","vulnerability_id":"VCID-cnmd-pk6j-fuae","summary":"Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to \"wrapping attacks.\"","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0773.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0773.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0846.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0846.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0847.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0847.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0848.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0848.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0849.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0849.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1176.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1176.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1177.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-1177.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0227.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0227.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0227","reference_id":"","reference_type":"","scores":[{"value":"0.13872","scoring_system":"epss","scoring_elements":"0.94301","published_at":"2026-04-13T12:55:00Z"},{"value":"0.13872","scoring_system":"epss","scoring_elements":"0.94269","published_at":"2026-04-02T12:55:00Z"},{"value":"0.13872","scoring_system":"epss","scoring_elements":"0.9428","published_at":"2026-04-04T12:55:00Z"},{"value":"0.13872","scoring_system":"epss","scoring_elements":"0.94282","published_at":"2026-04-07T12:55:00Z"},{"value":"0.13872","scoring_system":"epss","scoring_elements":"0.94291","published_at":"2026-04-08T12:55:00Z"},{"value":"0.13872","scoring_system":"epss","scoring_elements":"0.94295","published_at":"2026-04-09T12:55:00Z"},{"value":"0.13872","scoring_system":"epss","scoring_elements":"0.94299","published_at":"2026-04-12T12:55:00Z"},{"value":"0.13872","scoring_system":"epss","scoring_elements":"0.9426","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-0227"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0227","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0227"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/100837","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/100837"},{"reference_url":"https://github.com/apache/wss4j/commit/5ec5295c9773c9ae43fdc6c3321d0e2af1041e62","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/wss4j/commit/5ec5295c9773c9ae43fdc6c3321d0e2af1041e62"},{"reference_url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03900en_us","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03900en_us"},{"reference_url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191451","reference_id":"1191451","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1191451"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777741","reference_id":"777741","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777741"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0227","reference_id":"CVE-2015-0227","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0227"},{"reference_url":"http://ws.apache.org/wss4j/advisories/CVE-2015-0227.txt.asc","reference_id":"CVE-2015-0227.TXT.ASC","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://ws.apache.org/wss4j/advisories/CVE-2015-0227.txt.asc"},{"reference_url":"https://github.com/advisories/GHSA-6r5v-hp32-fjqw","reference_id":"GHSA-6r5v-hp32-fjqw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6r5v-hp32-fjqw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0773","reference_id":"RHSA-2015:0773","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0773"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0846","reference_id":"RHSA-2015:0846","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0846"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0847","reference_id":"RHSA-2015:0847","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0847"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0848","reference_id":"RHSA-2015:0848","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0848"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0849","reference_id":"RHSA-2015:0849","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1009","reference_id":"RHSA-2015:1009","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1009"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1176","reference_id":"RHSA-2015:1176","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1176"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1177","reference_id":"RHSA-2015:1177","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1177"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20839?format=json","purl":"pkg:maven/org.apache.ws.security/wss4j@1.6.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ws.security/wss4j@1.6.17"},{"url":"http://public2.vulnerablecode.io/api/packages/54779?format=json","purl":"pkg:maven/org.apache.ws.security/wss4j@2.02","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ws.security/wss4j@2.02"}],"aliases":["CVE-2015-0227","GHSA-6r5v-hp32-fjqw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cnmd-pk6j-fuae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7021?format=json","vulnerability_id":"VCID-wmr9-j6fm-pbap","summary":"Improper security semantics enforcement of SAML SubjectConfirmation methods\nThis package when using `TransportBinding`, does not properly enforce the SAML `SubjectConfirmation` method security semantics, which allows remote attackers to conduct spoofing attacks via unspecified vectors.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0236.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0236.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0675.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0850.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0850.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-0851.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2015-0851.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3623.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3623.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3623","reference_id":"","reference_type":"","scores":[{"value":"0.0249","scoring_system":"epss","scoring_elements":"0.85314","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0249","scoring_system":"epss","scoring_elements":"0.85242","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0249","scoring_system":"epss","scoring_elements":"0.85254","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0249","scoring_system":"epss","scoring_elements":"0.85273","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0249","scoring_system":"epss","scoring_elements":"0.85274","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0249","scoring_system":"epss","scoring_elements":"0.85296","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0249","scoring_system":"epss","scoring_elements":"0.85304","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0249","scoring_system":"epss","scoring_elements":"0.85319","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0249","scoring_system":"epss","scoring_elements":"0.85317","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3623"},{"reference_url":"http://seclists.org/oss-sec/2014/q4/437","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/oss-sec/2014/q4/437"},{"reference_url":"http://secunia.com/advisories/61909","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/61909"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/97754","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/97754"},{"reference_url":"https://issues.apache.org/jira/browse/WSS-511","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://issues.apache.org/jira/browse/WSS-511"},{"reference_url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"},{"reference_url":"http://www.securityfocus.com/bid/70736","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/70736"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1157304","reference_id":"1157304","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1157304"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:wss4j:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:wss4j:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:wss4j:*:*:*:*:*:*:*:*"},{"reference_url":"https://bugzilla.redhat.com/CVE-2014-3623","reference_id":"CVE-2014-3623","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/CVE-2014-3623"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3623","reference_id":"CVE-2014-3623","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3623"},{"reference_url":"http://cxf.apache.org/security-advisories.data/CVE-2014-3623.txt.asc","reference_id":"CVE-2014-3623.TXT.ASC","reference_type":"","scores":[],"url":"http://cxf.apache.org/security-advisories.data/CVE-2014-3623.txt.asc"},{"reference_url":"https://github.com/advisories/GHSA-99v3-9x35-c5vf","reference_id":"GHSA-99v3-9x35-c5vf","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-99v3-9x35-c5vf"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:2019","reference_id":"RHSA-2014:2019","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:2019"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:2020","reference_id":"RHSA-2014:2020","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:2020"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0236","reference_id":"RHSA-2015:0236","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0236"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0675","reference_id":"RHSA-2015:0675","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0675"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0850","reference_id":"RHSA-2015:0850","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0850"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:0851","reference_id":"RHSA-2015:0851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:0851"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/20839?format=json","purl":"pkg:maven/org.apache.ws.security/wss4j@1.6.17","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ws.security/wss4j@1.6.17"}],"aliases":["CVE-2014-3623","GHSA-99v3-9x35-c5vf"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wmr9-j6fm-pbap"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.ws.security/wss4j@1.6.17"}