{"id":"UBUNTU-CVE-2015-0227","details":"Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to \"wrapping attacks.\"","modified":"2025-07-16T07:48:18.796212Z","published":"2015-02-12T16:59:00Z","withdrawn":"2025-07-18T16:43:08Z","upstream":["CVE-2015-0227"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0227"},{"type":"REPORT","url":"http://ws.apache.org/wss4j/advisories/CVE-2015-0227.txt.asc"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2015-0227"}],"affected":[{"package":{"name":"wss4j","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/wss4j@1.6.15-2?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6.15-2"}]}],"ecosystem_specific":{"binaries":[{"binary_name":"libwss4j-java","binary_version":"1.6.15-2"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-0227.json"}}],"schema_version":"1.7.3","severity":[{"type":"Ubuntu","score":"medium"}]}