Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WSS4J validation does not use configured replay cache
Vulnerability Description
Wss4jSecurityInterceptor did not consistently wire Apache WSS4J ReplayCache instances into RequestData for validation-time checks. As a result, protections against replay of UsernameToken nonces and creation timestamps, Timestamp elements, and certain SAML one-time-use semantics could be ineffective even when operators configured a replay cache on the interceptor. Affected versions: Spring Web Services 5.0.0 through 5.0.1; 4.1.0 through 4.1.3; 4.0.0 through 4.0.18; 3.1.0 through 3.1.8.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
使用捕获-重放进行的认证绕过
Vulnerability Title
VMware Spring Web Services 安全漏洞
Vulnerability Description
VMware Spring Web Services是美国威睿(VMware)公司的一个SOAP Web服务开发框架。 VMware Spring Web Services 5.0.0至5.0.1版本、4.1.0至4.1.3版本、4.0.0至4.0.18版本和3.1.0至3.1.8版本存在安全漏洞,该漏洞源于Wss4jSecurityInterceptor未一致连接重放缓存实例,可能导致重放保护失效。
CVSS Information
N/A
Vulnerability Type
N/A