Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2011-1096
Last Modified 30 Oct 2013 11:14:27
Published 23 Nov 2012 03:55:01
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-1096

Summary

The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on SOAP responses, aka "character encoding pattern attack."

Vulnerable Systems

Application

  • Red Hat JBoss Enterprise Portal Platform 5.0.0

  • Red Hat JBoss Enterprise Portal Platform 5.0.1

  • Red Hat JBoss Enterprise Portal Platform 5.1.0

  • Red Hat JBoss Enterprise Portal Platform 5.1.1

  • Red Hat JBoss Enterprise Portal Platform 5.2.0

  • Red Hat JBoss Enterprise Portal Platform 5.2.1


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=681916

XF - jboss-web-services-cbc-info-disc(79031)

BID - 55770

MISC - http://www.csoonline.com/article/692366/widely-used-encryption-standard-is-insecure-say-experts

REDHAT - RHSA-2012:1344

REDHAT - RHSA-2012:1301

MISC - http://dl.acm.org/citation.cfm?id=2046756&dl=ACM&coll=DL

CONFIRM - http://cxf.apache.org/note-on-cve-2011-1096.html

MISC - http://coheigea.blogspot.com/2012/04/note-on-cve-2011-1096.html

MISC - http://aktuell.ruhr-uni-bochum.de/pm2011/pm00330.html.de

REDHAT - RHSA-2012:1330

SECUNIA - 52054

SECUNIA - 51984

REDHAT - RHSA-2013:0221

REDHAT - RHSA-2013:0198

REDHAT - RHSA-2013:0197

REDHAT - RHSA-2013:0196

REDHAT - RHSA-2013:0195

REDHAT - RHSA-2013:0194

REDHAT - RHSA-2013:0193

REDHAT - RHSA-2013:0192

REDHAT - RHSA-2013:0191

REDHAT - RHSA-2013:0261

REDHAT - RHSA-2013:1437


Last Updated: 27 May 2016 10:58:30