5

CVE-2011-1096

EPSS 0.76%
Veröffentlicht 23.11.2012 20:55:01
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on SOAP responses, aka "character encoding pattern attack."

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 34

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Jboss Enterprise Portal Platform Version <= 5.2.1

Redhat ≫ Jboss Enterprise Portal Platform Version5.0.0

Redhat ≫ Jboss Enterprise Portal Platform Version5.0.1

Redhat ≫ Jboss Enterprise Portal Platform Version5.1.0

Redhat ≫ Jboss Enterprise Portal Platform Version5.1.1

Redhat ≫ Jboss Enterprise Portal Platform Version5.2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.76%	0.724

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E

http://rhn.redhat.com/errata/RHSA-2013-0191.html

http://rhn.redhat.com/errata/RHSA-2013-0192.html

http://rhn.redhat.com/errata/RHSA-2013-0193.html

http://rhn.redhat.com/errata/RHSA-2013-0194.html

http://rhn.redhat.com/errata/RHSA-2013-0195.html

http://rhn.redhat.com/errata/RHSA-2013-0196.html

http://rhn.redhat.com/errata/RHSA-2013-0197.html

http://rhn.redhat.com/errata/RHSA-2013-0198.html

http://rhn.redhat.com/errata/RHSA-2013-0221.html

http://secunia.com/advisories/51984

http://secunia.com/advisories/52054

http://aktuell.ruhr-uni-bochum.de/pm2011/pm00330.html.de

http://coheigea.blogspot.com/2012/04/note-on-cve-2011-1096.html

http://cxf.apache.org/note-on-cve-2011-1096.html

http://dl.acm.org/citation.cfm?id=2046756&dl=ACM&coll=DL

http://rhn.redhat.com/errata/RHSA-2012-1301.html

http://rhn.redhat.com/errata/RHSA-2012-1330.html

http://rhn.redhat.com/errata/RHSA-2012-1344.html

http://rhn.redhat.com/errata/RHSA-2013-0261.html

http://rhn.redhat.com/errata/RHSA-2013-1437.html

http://www.csoonline.com/article/692366/widely-used-encryption-standard-is-insecure-say-experts

http://www.securityfocus.com/bid/55770

https://bugzilla.redhat.com/show_bug.cgi?id=681916

https://exchange.xforce.ibmcloud.com/vulnerabilities/79031

https://lists.apache.org/thread.html/8d5d29747548a24cccdb7f3e2d4d599ffb7ffe4537426b3c9a852cf4%40%3Ccommits.cxf.apache.org%3E

https://nvd.nist.gov/vuln/detail/CVE-2011-1096

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-1096

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-1096

EUVD