Vulnerability Description
The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on SOAP responses, aka "character encoding pattern attack."
CVSS Score
5.0 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | JBoss Enterprise Portal Platform | <= 5.2.1 |
References
- http://aktuell.ruhr-uni-bochum.de/pm2011/pm00330.html.de
- http://coheigea.blogspot.com/2012/04/note-on-cve-2011-1096.html
- http://cxf.apache.org/note-on-cve-2011-1096.html
- http://dl.acm.org/citation.cfm?id=2046756&dl=ACM&coll=DL
- http://rhn.redhat.com/errata/RHSA-2012-1301.html
- http://rhn.redhat.com/errata/RHSA-2012-1330.html
- http://rhn.redhat.com/errata/RHSA-2012-1344.html
- http://rhn.redhat.com/errata/RHSA-2013-0191.html
- http://rhn.redhat.com/errata/RHSA-2013-0192.html
- http://rhn.redhat.com/errata/RHSA-2013-0193.html
- http://rhn.redhat.com/errata/RHSA-2013-0194.html
- http://rhn.redhat.com/errata/RHSA-2013-0195.html
- http://rhn.redhat.com/errata/RHSA-2013-0196.html
- http://rhn.redhat.com/errata/RHSA-2013-0197.html
- http://rhn.redhat.com/errata/RHSA-2013-0198.html
FAQ
What is CVE-2011-1096?
CVE-2011-1096 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block cha...
How severe is CVE-2011-1096?
CVE-2011-1096 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2011-1096?
Check the references section above for vendor advisories and patch information. Affected products include: Red Hat JBoss Enterprise Portal Platform.