CVE-2011-1096

CWE-310 CWE-327 — Broken Cryptographic Algorithm7 documents6 sources

Severity

5.0MEDIUM

EPSS

1.2%

top 21.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Enterprise Portal Platform

Timeline

PublishedNov 23

Latest updateMay 13

Description

The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on SOAP responses, aka "character encoding pattern attack."

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDredhat/jboss_enterprise_portal_platform5.2.1+5

🔴Vulnerability Details

GHSA

GHSA-r89h-jcj8-5p2m: The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5↗2022-05-13

▶

CVEList

CVE-2011-1096: The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5↗2012-11-23

▶

💥Exploits & PoCs

Exploit-DB

GNOME NetworkManager 0.x - Local Arbitrary File Access↗2012-02-29

▶

📋Vendor Advisories

Red Hat

jbossws: Prone to character encoding pattern attack (XML Encryption flaw)↗2011-10-19

▶

💬Community

Bugzilla

CVE-2012-5575 jbossws-native, jbossws-cxf, apache-cxf: XML encryption backwards compatibility attacks↗2012-11-27

▶

Bugzilla

CVE-2011-1096 jbossws: Prone to character encoding pattern attack (XML Encryption flaw)↗2011-03-03

▶