5

CVE-2011-1096

EPSS 0.76%
Published 23.11.2012 20:55:01
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on SOAP responses, aka "character encoding pattern attack."

Affected products Warnungen 0 Metrics 2 CWE 0 References 34

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Jboss Enterprise Portal Platform Version <= 5.2.1

Redhat ≫ Jboss Enterprise Portal Platform Version5.0.0

Redhat ≫ Jboss Enterprise Portal Platform Version5.0.1

Redhat ≫ Jboss Enterprise Portal Platform Version5.1.0

Redhat ≫ Jboss Enterprise Portal Platform Version5.1.1

Redhat ≫ Jboss Enterprise Portal Platform Version5.2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.76%	0.724

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E

https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E

http://rhn.redhat.com/errata/RHSA-2013-0191.html

http://rhn.redhat.com/errata/RHSA-2013-0192.html

http://rhn.redhat.com/errata/RHSA-2013-0193.html

http://rhn.redhat.com/errata/RHSA-2013-0194.html

http://rhn.redhat.com/errata/RHSA-2013-0195.html

http://rhn.redhat.com/errata/RHSA-2013-0196.html

http://rhn.redhat.com/errata/RHSA-2013-0197.html

http://rhn.redhat.com/errata/RHSA-2013-0198.html

http://rhn.redhat.com/errata/RHSA-2013-0221.html

http://secunia.com/advisories/51984

http://secunia.com/advisories/52054

http://aktuell.ruhr-uni-bochum.de/pm2011/pm00330.html.de

http://coheigea.blogspot.com/2012/04/note-on-cve-2011-1096.html

http://cxf.apache.org/note-on-cve-2011-1096.html

http://dl.acm.org/citation.cfm?id=2046756&dl=ACM&coll=DL

http://rhn.redhat.com/errata/RHSA-2012-1301.html

http://rhn.redhat.com/errata/RHSA-2012-1330.html

http://rhn.redhat.com/errata/RHSA-2012-1344.html

http://rhn.redhat.com/errata/RHSA-2013-0261.html

http://rhn.redhat.com/errata/RHSA-2013-1437.html

http://www.csoonline.com/article/692366/widely-used-encryption-standard-is-insecure-say-experts

http://www.securityfocus.com/bid/55770

https://bugzilla.redhat.com/show_bug.cgi?id=681916

https://exchange.xforce.ibmcloud.com/vulnerabilities/79031

https://lists.apache.org/thread.html/8d5d29747548a24cccdb7f3e2d4d599ffb7ffe4537426b3c9a852cf4%40%3Ccommits.cxf.apache.org%3E

https://nvd.nist.gov/vuln/detail/CVE-2011-1096

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-1096

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-1096

EUVD