CyberRota

CVE-2026-40996

MEDIUM · CVSS 4.8 · EPSS 0.13%

Source: NVD + CISA KEV + EPSS · Published: 2026-06-11T07:16:27.550 · Retrieved: 2026-06-30T12:17:05.673021+00:00

CyberRota Commentary

Detailed analysis required.

CVE: CVE-2026-40996
Severity: MEDIUM
CVSS: 4.8
EPSS: 0.13%
Apache

Original NVD Description

Wss4jSecurityInterceptor defaulted allowRSA15KeyTransportAlgorithm to true, overriding Apache WSS4J's safer default for validation RequestData. Inbound WS-Security decryption could therefore accept RSA PKCS#1 v1.5 (rsa-1_5) encrypted key material unless operators explicitly reconfigured the flag. Affected versions: Spring Web Services 5.0.0 through 5.0.1; 4.1.0 through 4.1.3; 4.0.0 through 4.0.18; 3.1.0 through 3.1.8.
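
An added example, not part of the NVD text or the Spring project's own code: a Python check that scans Spring XML bean definitions for Wss4jSecurityInterceptor beans that never set allowRSA15KeyTransportAlgorithm and therefore rely on the default described above. The interceptor's package name, the use of XML bean configuration, and the sample beans are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: fully qualified class name of the interceptor (wss4j2 package).
INTERCEPTOR = "org.springframework.ws.soap.security.wss4j2.Wss4jSecurityInterceptor"
FLAG = "allowRSA15KeyTransportAlgorithm"  # property named in the NVD description
BEANS_NS = "{http://www.springframework.org/schema/beans}"
P_NS = "{http://www.springframework.org/schema/p}"

# Constructed sample configuration; other interceptor properties are omitted.
SAMPLE = f"""<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:p="http://www.springframework.org/schema/p">
  <bean id="inboundDefault" class="{INTERCEPTOR}"/>
  <bean id="inboundHardened" class="{INTERCEPTOR}">
    <property name="{FLAG}" value="false"/>
  </bean>
  <bean id="inboundShorthand" class="{INTERCEPTOR}" p:{FLAG}="false"/>
  <bean id="inboundLegacy" class="{INTERCEPTOR}">
    <property name="{FLAG}"><value>true</value></property>
  </bean>
  <bean id="inboundTemplated" class="{INTERCEPTOR}" p:{FLAG}="${{ws.rsa15}}"/>
</beans>"""

def _flag_value(bean):
    """Return the configured flag value as text, or None when it is not set."""
    if bean.get(P_NS + FLAG) is not None:  # p-namespace shorthand attribute
        return bean.get(P_NS + FLAG)
    for prop in bean.findall(BEANS_NS + "property"):
        if prop.get("name") == FLAG:
            value = prop.get("value")
            return value if value is not None else prop.findtext(BEANS_NS + "value")
    return None

def audit(xml_text):
    """Return (bean id, status) for every Wss4jSecurityInterceptor bean."""
    findings = []
    for bean in ET.fromstring(xml_text).iter(BEANS_NS + "bean"):
        if bean.get("class") != INTERCEPTOR:
            continue
        value = (_flag_value(bean) or "").strip().lower()
        # On affected versions "relies-on-default" means rsa-1_5 is accepted.
        status = {"": "relies-on-default", "false": "explicitly-disabled",
                  "true": "explicitly-enabled"}.get(value, "unresolved")
        findings.append((bean.get("id", "<anonymous>"), status))
    return findings

if __name__ == "__main__":
    for bean_id, status in audit(SAMPLE):
        print(f"{bean_id}: {status}")
```

Beans reported as `unresolved` take the value from a property placeholder, so the effective setting has to be checked in the deployed property source.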