-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2015-0226: Apache WSS4J is (still) vulnerable to Bleichenbacher's attack

Severity: Major

Vendor: The Apache Software Foundation

Versions Affected:

This vulnerability affects all versions of Apache WSS4J prior to 1.6.17 and
2.0.2.

Description:

Apache WSS4J 1.6.5 contained a countermeasure for Bleichenbacher's attack on
XML Encryption, where the PKCS#1 v1.5 Key Transport Algorithm is used to
encrypt symmetric keys as part of WS-Security. In particular, the fix avoided
leaking information on whether decryption failed when decrypting the encrypted
key or decrypting the message data.

However, it is still possible to craft a message such that an attacker can tell 
where the decryption failure took place, and hence WSS4J is vulnerable to the
original attack. 

See here for more information on the original fix for WSS4J 1.6.5:

http://cxf.apache.org/note-on-cve-2011-2487.html

This has been fixed in revision:

http://svn.apache.org/viewvc?view=revision&revision=1621329

Migration:

WSS4J 1.6.x users should upgrade to 1.6.17 or later as soon as possible.
WSS4J 2.0.x users should upgrade to 2.0.2 or later as soon as possible.

References: http://ws.apache.org/wss4j/security_advisories.html

Acknowledgments: Dennis Kupser, Christian Mainka, Juraj Somorovsky (Ruhr
University Bochum)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJU2dzUAAoJEGe/gLEK1TmD9g0H/iARiT79KnfLBwRCJqRNGS7u
OvN/ZuqhtFMSqeS6l0AiY0uvTTvLuJOyNbEk+guU9K0IqwyBPpM/jQXILGyvBDx4
MzlGn/ot26Dwcdw1v58KJuAxKh287Ht1FBEgL2fpT2/PJZWRptFVsXWPmfJdipcn
SKlXkfZS9amgbh6CtZisW5iLrsDfbNK6rd40ZYr7lkB/bFMuCYi+bxKTgZE+/PS/
BvTv2qYtpvFxLWhakXKE4ycLLR4SMh57MXkFecyQXh4ArhiDYOceVWS+VtzTVumm
vZnLhwlCXEkgAJJcaq80OM+/bSbw/v+8kplsEcRLW21eW1i/Gg14TCsp+2T8x7o=
=Qhzt
-----END PGP SIGNATURE-----