Obtain sensitive information with Apache WSS4J CVE-2015-0226
PI36866 resolves the following problem:
Obtain sensitive information with web services Apache WSS4J CVE-2015-0226
Apache WSS4J could allow a remote attacker to obtain sensitive information because it is vulnerable to Bleichenbacher's attack on XML Encryption. By sending a specially crafted message, an attacker could exploit this vulnerability to decrypt the key and obtain sensitive information.
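Bleichenbacher's attack targets RSA PKCS#1 v1.5 padding, so a defender can inventory which WS-Security messages still use that key transport for xenc:EncryptedKey. The following is an added example, not code from IBM or the Apache WSS4J project; the function name audit_key_transport, the verdict labels and the sample envelope are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
# Key transport algorithm URIs defined by the W3C XML Encryption specifications.
RSA_V15 = XENC + "rsa-1_5"  # PKCS#1 v1.5 padding, the target of Bleichenbacher's attack
RSA_OAEP = {XENC + "rsa-oaep-mgf1p", "http://www.w3.org/2009/xmlenc11#rsa-oaep"}

# Constructed sample message (not captured traffic); the cipher value is a placeholder.
TEMPLATE = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
  xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
 <soapenv:Header><wsse:Security>
  <xenc:EncryptedKey>
   <xenc:EncryptionMethod Algorithm="{alg}"/>
   <xenc:CipherData><xenc:CipherValue>PLACEHOLDER</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedKey>
 </wsse:Security></soapenv:Header>
 <soapenv:Body/>
</soapenv:Envelope>"""


def audit_key_transport(soap_xml):
    """Return one (algorithm_uri, verdict) tuple per xenc:EncryptedKey in the message."""
    root = ET.fromstring(soap_xml)
    findings = []
    for enc_key in root.iter("{%s}EncryptedKey" % XENC):
        # EncryptionMethod is looked up as a direct child of EncryptedKey.
        method = enc_key.find("{%s}EncryptionMethod" % XENC)
        alg = method.get("Algorithm") if method is not None else None
        if alg == RSA_V15:
            verdict = "pkcs1-v1.5"   # key transport exposed to padding-oracle probing
        elif alg in RSA_OAEP:
            verdict = "oaep"
        else:
            verdict = "other"        # missing or unrecognised algorithm: review manually
        findings.append((alg, verdict))
    return findings


if __name__ == "__main__":
    for alg in (RSA_V15, XENC + "rsa-oaep-mgf1p"):
        for uri, verdict in audit_key_transport(TEMPLATE.format(alg=alg)):
            print(verdict, uri)
```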
The fix for this APAR is currently targeted for inclusion in fix pack 184.108.40.206.
Please review the readme.txt for detailed installation instructions.
Contact IBM Support using SR (http://www.ibm.com/software/support/probsub.html), visit the WebSphere Application Server support web site (http://www.ibm.com/software/webservers/appserv/was/support/), or contact 1-800-IBM-SERV (U.S. only).
15 June 2018