Rewterz Threat Advisory – Oracle Multiple Privilege Access Vulnerabilities
July 17, 2019Rewterz Threat Advisory – CVE-2019-5847 – Google Chrome V8 Denial of service Vulnerability
July 17, 2019Rewterz Threat Advisory – Oracle Multiple Privilege Access Vulnerabilities
July 17, 2019Rewterz Threat Advisory – CVE-2019-5847 – Google Chrome V8 Denial of service Vulnerability
July 17, 2019Severity
High
Analysis Summary
Apache WSS4J 1.6.5 contained a countermeasure for Bleichenbacher’s attack on XML Encryption, where the PKCS#1 v1.5 Key Transport Algorithm is used to encrypt symmetric keys as part of WS-Security. In particular, the fix avoided leaking information on whether decryption failed when decrypting the encrypted key or decrypting the message data.
Impact
Information disclosure
Affected Vendors
Apache
Affected Products
Apache WSS4J all versions prior to 1.6.17 and 2.0.2.
Remediation
Update to a fixed version
WSS4J 1.6.x : Should upgrade to 1.6.17 or later
WSS4J 2.0.x : Should upgrade to 2.0.2 or later