Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-n4jc-awv6-j7h6
Vulnerability ID VCID-n4jc-awv6-j7h6
Aliases CVE-2015-0226
GHSA-vjwc-5hfh-2vv5
Summary Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-2487.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1 7.5 http://rhn.redhat.com/errata/RHSA-2015-0846.html
generic_textual HIGH http://rhn.redhat.com/errata/RHSA-2015-0846.html
cvssv3.1 7.5 http://rhn.redhat.com/errata/RHSA-2015-0847.html
generic_textual HIGH http://rhn.redhat.com/errata/RHSA-2015-0847.html
cvssv3.1 7.5 http://rhn.redhat.com/errata/RHSA-2015-0848.html
generic_textual HIGH http://rhn.redhat.com/errata/RHSA-2015-0848.html
cvssv3.1 7.5 http://rhn.redhat.com/errata/RHSA-2015-0849.html
generic_textual HIGH http://rhn.redhat.com/errata/RHSA-2015-0849.html
cvssv3.1 7.5 http://rhn.redhat.com/errata/RHSA-2015-1176.html
generic_textual HIGH http://rhn.redhat.com/errata/RHSA-2015-1176.html
cvssv3.1 7.5 http://rhn.redhat.com/errata/RHSA-2015-1177.html
generic_textual HIGH http://rhn.redhat.com/errata/RHSA-2015-1177.html
cvssv3.1 7.5 https://access.redhat.com/errata/RHSA-2016:1376
generic_textual HIGH https://access.redhat.com/errata/RHSA-2016:1376
epss 0.0521 https://api.first.org/data/v1/epss?cve=CVE-2015-0226
cvssv3.1 7.5 https://github.com/apache/ws-wss4j
generic_textual HIGH https://github.com/apache/ws-wss4j
cvssv3.1 7.5 https://github.com/apache/ws-wss4j/commit/970b3e3756e2c75bf2379ce198365e1a7168c3c3
generic_textual HIGH https://github.com/apache/ws-wss4j/commit/970b3e3756e2c75bf2379ce198365e1a7168c3c3
cvssv3.1 7.5 https://github.com/apache/ws-wss4j/commit/de5104b30ddde5fe7388ad57e1c5ace5c5509924
generic_textual HIGH https://github.com/apache/ws-wss4j/commit/de5104b30ddde5fe7388ad57e1c5ace5c5509924
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2015-0226
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2015-0226
cvssv3.1 7.5 https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03900en_us
generic_textual HIGH https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03900en_us
cvssv3.1 7.5 https://svn.apache.org/viewvc?view=revision&revision=1621329
generic_textual HIGH https://svn.apache.org/viewvc?view=revision&revision=1621329
cvssv3.1 7.5 https://ws.apache.org/wss4j/advisories/CVE-2015-0226.txt.asc
generic_textual HIGH https://ws.apache.org/wss4j/advisories/CVE-2015-0226.txt.asc
cvssv3.1 7.5 https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
generic_textual HIGH https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Reference id Reference type URL
http://rhn.redhat.com/errata/RHSA-2015-0846.html
http://rhn.redhat.com/errata/RHSA-2015-0847.html
http://rhn.redhat.com/errata/RHSA-2015-0848.html
http://rhn.redhat.com/errata/RHSA-2015-0849.html
http://rhn.redhat.com/errata/RHSA-2015-1176.html
http://rhn.redhat.com/errata/RHSA-2015-1177.html
https://access.redhat.com/errata/RHSA-2016:1376
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0226.json
https://api.first.org/data/v1/epss?cve=CVE-2015-0226
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0226
https://github.com/apache/ws-wss4j
https://github.com/apache/ws-wss4j/commit/970b3e3756e2c75bf2379ce198365e1a7168c3c3
https://github.com/apache/ws-wss4j/commit/de5104b30ddde5fe7388ad57e1c5ace5c5509924
https://nvd.nist.gov/vuln/detail/CVE-2015-0226
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03900en_us
https://svn.apache.org/viewvc?view=revision&revision=1621329
https://ws.apache.org/wss4j/advisories/CVE-2015-0226.txt.asc
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
1191446 https://bugzilla.redhat.com/show_bug.cgi?id=1191446
777741 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777741
GHSA-vjwc-5hfh-2vv5 https://github.com/advisories/GHSA-vjwc-5hfh-2vv5
RHSA-2015:0773 https://access.redhat.com/errata/RHSA-2015:0773
RHSA-2015:0846 https://access.redhat.com/errata/RHSA-2015:0846
RHSA-2015:0847 https://access.redhat.com/errata/RHSA-2015:0847
RHSA-2015:0848 https://access.redhat.com/errata/RHSA-2015:0848
RHSA-2015:0849 https://access.redhat.com/errata/RHSA-2015:0849
RHSA-2015:1009 https://access.redhat.com/errata/RHSA-2015:1009
RHSA-2015:1176 https://access.redhat.com/errata/RHSA-2015:1176
RHSA-2015:1177 https://access.redhat.com/errata/RHSA-2015:1177
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://rhn.redhat.com/errata/RHSA-2015-0846.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://rhn.redhat.com/errata/RHSA-2015-0847.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://rhn.redhat.com/errata/RHSA-2015-0848.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://rhn.redhat.com/errata/RHSA-2015-0849.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://rhn.redhat.com/errata/RHSA-2015-1176.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at http://rhn.redhat.com/errata/RHSA-2015-1177.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/errata/RHSA-2016:1376
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/apache/ws-wss4j
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/apache/ws-wss4j/commit/970b3e3756e2c75bf2379ce198365e1a7168c3c3
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://github.com/apache/ws-wss4j/commit/de5104b30ddde5fe7388ad57e1c5ace5c5509924
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2015-0226
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03900en_us
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://svn.apache.org/viewvc?view=revision&revision=1621329
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ws.apache.org/wss4j/advisories/CVE-2015-0226.txt.asc
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.90079
EPSS Score 0.0521
Published At May 29, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-05-29T09:32:19.078455+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vjwc-5hfh-2vv5/GHSA-vjwc-5hfh-2vv5.json 38.6.0