Use of a Risky Cryptographic Algorithm Affecting org.apache.cxf:cxf package, versions [2.4.0,2.4.7) [2.5.1,2.5.3)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-JAVA-ORGAPACHECXF-30553
- published 16 Oct 2015
- disclosed 16 Oct 2015
- credit Tibor Jager, Sebastian Schinzel, Juraj Somorovsky
How to fix?
org.apache.cxf:cxf to version 2.4.7, 2.5.3 or higher.
org.apache.cxf:cxf is a services framework that aids in the development of services using front-end programming APIs, like JAX-WS and JAX-RS.
Affected versions of this package are vulnerable to Use of a Risky Cryptographic Algorithm. The
PKCS#1 v1.5 Key Transport Algorithm is used to encrypt symmetric keys as part of WS-Security. WSS4J can leak information about where a particular decryption operation fails.