CVE-2011-1096

Sažetak

The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on SOAP responses, aka "character encoding pattern attack."

Reference

http://coheigea.blogspot.com/2012/04/note-on-cve-2011-1096.html
http://rhn.redhat.com/errata/RHSA-2012-1301.html
http://www.csoonline.com/article/692366/widely-used-encryption-standard-is-insecure-say-experts
https://bugzilla.redhat.com/show_bug.cgi?id=681916
http://cxf.apache.org/note-on-cve-2011-1096.html
http://rhn.redhat.com/errata/RHSA-2012-1344.html
http://dl.acm.org/citation.cfm?id=2046756&dl=ACM&coll=DL
http://www.securityfocus.com/bid/55770
http://aktuell.ruhr-uni-bochum.de/pm2011/pm00330.html.de
http://rhn.redhat.com/errata/RHSA-2012-1330.html
http://rhn.redhat.com/errata/RHSA-2013-0194.html
http://secunia.com/advisories/51984
http://rhn.redhat.com/errata/RHSA-2013-0195.html
http://secunia.com/advisories/52054
http://rhn.redhat.com/errata/RHSA-2013-0198.html
http://rhn.redhat.com/errata/RHSA-2013-0197.html
http://rhn.redhat.com/errata/RHSA-2013-0191.html
http://rhn.redhat.com/errata/RHSA-2013-0196.html
http://rhn.redhat.com/errata/RHSA-2013-0221.html
http://rhn.redhat.com/errata/RHSA-2013-0193.html
http://rhn.redhat.com/errata/RHSA-2013-0192.html
http://rhn.redhat.com/errata/RHSA-2013-0261.html
http://rhn.redhat.com/errata/RHSA-2013-1437.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/79031
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/8d5d29747548a24cccdb7f3e2d4d599ffb7ffe4537426b3c9a852cf4%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

13-02-2023 - 01:18

Objavljeno

23-11-2012 - 20:55