PT-2012-1508 · Red Hat · Jboss Enterprise Portal Platform+1
Published: 2012-11-23 · Updated: 2023-02-13 · CVE-2011-1096
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
JBoss Enterprise Portal Platform versions prior to 5.2.2
Description
The issue allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on SOAP responses. This is related to the use of block ciphers in cipher-block chaining (CBC) mode in the W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component.
Recommendations
For JBoss Enterprise Portal Platform versions prior to 5.2.2, update to version 5.2.2 or later to resolve the issue.
Affected Products
Jboss Enterprise Portal Platform
Jbossws