Lucene search
This script is Copyright (C) 2013-2024 and is owned by Tenable, Inc. or an Affiliate thereof.JBOSS_WS_XMLENC.NBINHistoryApr 23, 2013 - 12:00 a.m.
JBossWS Endpoint Uses Unsafe Encryption
2013-04-2300:00:00
This script is Copyright (C) 2013-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
The W3C XML Encryption Standard, implemented in JBossWS and used by one or more endpoints on the remote host, contains a design error. The design error allows unauthenticated, remote attackers to decrypt captured SOAP responses via a chosen-ciphertext attack. This issue affects all block ciphers used in cipher-block chaining (CBC) mode.
Binary data jboss_ws_xmlenc.nbin