ID |
CVE-2011-1096
|
Summary |
The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on SOAP responses, aka "character encoding pattern attack." |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.0.0:*:*:*:*:*:*:*
-
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.1.1:*:*:*:*:*:*:*
-
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.1.0:*:*:*:*:*:*:*
-
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:*:*:*:*:*:*:*
-
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp03:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp03:*:*:*:*:*:*
-
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp04:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp04:*:*:*:*:*:*
-
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp05:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp05:*:*:*:*:*:*
-
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp06:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp06:*:*:*:*:*:*
-
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp07:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0:cp07:*:*:*:*:*:*
-
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.0.1:*:*:*:*:*:*:*
-
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.0:*:*:*:*:*:*:*
-
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.1:*:*:*:*:*:*:*
|
CVSS |
Base: | 5.0 (as of 13-02-2023 - 01:18) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-310 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
LOW |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
NONE |
NONE |
|
cvss-vector
via4
|
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
redhat
via4
|
|
refmap
via4
|
bid | 55770 | confirm | http://cxf.apache.org/note-on-cve-2011-1096.html | misc | | mlist | - [cxf-commits] 20190326 svn commit: r1042570 [4/4] - in /websites/production/cxf/content: cache/docs.pageCache docs/jax-rs-http-signature.html docs/jax-rs-jose.html docs/jax-rs-oauth2.html docs/jax-rs-xml-security.html docs/secure-jax-rs-services.html
- [cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html
- [cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html
- [cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html
- [cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html
| secunia | | xf | jboss-web-services-cbc-info-disc(79031) |
|
Last major update |
13-02-2023 - 01:18 |
Published |
23-11-2012 - 20:55 |
Last modified |
13-02-2023 - 01:18 |