Apache WSS4J prior to 1.6.17 and 2.x prior to 2.0.2 allows remote malicious users to bypass the requireSignedEncryptedDataElements configuration via a vectors related to "wrapping attacks."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache wss4j 2.0.0 |
||
apache wss4j 2.0.1 |
||
apache wss4j |