ajaykumar jaiswal

Greenhorn
+ Follow
since Aug 06, 2021
Merit badge: grant badges
For More
Cows and Likes
Cows
Total received
0
In last 30 days
0
Total given
0
Likes
Total received
0
Received in last 30 days
0
Total given
0
Given in last 30 days
0
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by ajaykumar jaiswal

This one I have seen over the internet and the problem is in wss4j-1.5.4

those methods are not there like getRandomKey is not there in wss4j-1.5.4 in EncryptedKeyProcessor.


Here are the GitHub link:

1.5.4 : https://github.com/apache/ws-wss4j/blob/1_5_4/src/org/apache/ws/security/processor/EncryptedKeyProcessor.java

1.6.17 : https://github.com/apache/ws-wss4j/blob/wss4j-1.6.17/src/main/java/org/apache/ws/security/processor/EncryptedKeyProcessor.java
2 years ago
Hi Folks,

To fix the vulnerability it's needed to upgrade wss4j-1.5.4 to wss4j-1.6.17

Where wss4j-1.6.17 is not backward compatible and breaks lots of existing code.

Is there any patch or recommendations are there to fix the vulnerability CVE-2015-0226 without breaking the existing written code?
2 years ago