CVE-2011-2487
Published 2020-03-11
CVE-2011-2487: The implementations of the PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 are susceptible to a Bleichenbacher attack.
Medium 5.9 (CVSS 3.0)
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | cxf | 2.4.0 – 2.4.6 | — |
| apache | cxf | 2.5.0 – 2.5.2 | — |
| apache | wss4j | < 1.6.5 | 1.6.5 |
| apache | wss4j | <= 1.6.16 | — |
| apache | wss4j | — | — |
| apache | wss4j | — | — |
| apache | wss4j | — | — |
| apache | wss4j | >= 0 < 1.6.15-2 | 1.6.15-2 |
| apache | wss4j | >= 0 < 1.6.15-2 | 1.6.15-2 |
| apache | wss4j | >= 0 < 1.6.15-2 | 1.6.15-2 |
| apache | wss4j | >= 0 < 1.6.15-2 | 1.6.15-2 |
| debian | wss4j | < wss4j 1.6.15-2 (bookworm) | wss4j 1.6.15-2 (bookworm) |
| redhat | jboss_business_rules_management_system | — | — |
| redhat | jboss_enterprise_application_platform | — | — |
| redhat | jboss_enterprise_soa_platform | — | — |
| redhat | jboss_enterprise_soa_platform | — | — |
| redhat | jboss_enterprise_web_platform | — | — |
| redhat | jboss_portal | — | — |
CVSS provenance
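| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v3.1 | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| ghsa | — | 5.9 | MEDIUM | — |
| osv | — | 5.9 | MEDIUM | — |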