Lucene search

K
cve[email protected]CVE-2011-1096
HistoryNov 23, 2012 - 8:55 p.m.

CVE-2011-1096

2012-11-2320:55:00
CWE-310
web.nvd.nist.gov
30
2
cve-2011-1096
w3c xml encryption
jboss web services
chosen-ciphertext attack
soap responses
character encoding pattern attack
nvd

5.6 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

73.9%

The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on SOAP responses, aka “character encoding pattern attack.”

References

Social References

More

5.6 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

73.9%

Related for CVE-2011-1096