Lucene search

PRIOn knowledge basePRION:CVE-2011-1096

HistoryNov 23, 2012 - 8:55 p.m.

Input validation

2012-11-2320:55:00

PRIOn knowledge base

www.prio-n.com

6.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

73.8%

JSON

The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on SOAP responses, aka “character encoding pattern attack.”

CPENameOperatorVersion
jboss_enterprise_portal_platformeq5.0.0
jboss_enterprise_portal_platformeq5.1.1
jboss_enterprise_portal_platformeq5.1.0
jboss_enterprise_portal_platformle5.2.1
jboss_enterprise_portal_platformeq5.2.0
jboss_enterprise_portal_platformeq5.0.1

Name	Operator	Version
jboss_enterprise_portal_platform	eq	5.0.0
jboss_enterprise_portal_platform	eq	5.1.1
jboss_enterprise_portal_platform	eq	5.1.0
jboss_enterprise_portal_platform	le	5.2.1
jboss_enterprise_portal_platform	eq	5.2.0
jboss_enterprise_portal_platform	eq	5.0.1

References

aktuell.ruhr-uni-bochum.de/pm2011/pm00330.html.de

cxf.apache.org/note-on-cve-2011-1096.html

dl.acm.org/citation.cfm?id=2046756&dl=ACM&coll=DL

rhn.redhat.com/errata/RHSA-2012-1301.html

rhn.redhat.com/errata/RHSA-2012-1330.html

rhn.redhat.com/errata/RHSA-2012-1344.html

rhn.redhat.com/errata/RHSA-2013-0191.html

rhn.redhat.com/errata/RHSA-2013-0192.html

rhn.redhat.com/errata/RHSA-2013-0193.html

rhn.redhat.com/errata/RHSA-2013-0194.html

rhn.redhat.com/errata/RHSA-2013-0195.html

rhn.redhat.com/errata/RHSA-2013-0196.html

rhn.redhat.com/errata/RHSA-2013-0197.html

rhn.redhat.com/errata/RHSA-2013-0198.html

rhn.redhat.com/errata/RHSA-2013-0221.html

rhn.redhat.com/errata/RHSA-2013-0261.html

rhn.redhat.com/errata/RHSA-2013-1437.html

secunia.com/advisories/51984

secunia.com/advisories/52054

www.csoonline.com/article/692366/widely-used-encryption-standard-is-insecure-say-experts

www.securityfocus.com/bid/55770

bugzilla.redhat.com/show_bug.cgi?id=681916

coheigea.blogspot.com/2012/04/note-on-cve-2011-1096.html

exchange.xforce.ibmcloud.com/vulnerabilities/79031

lists.apache.org/thread.html/8d5d29747548a24cccdb7f3e2d4d599ffb7ffe4537426b3c9a852cf4%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E

lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E

6.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

73.8%

JSON

Related for PRION:CVE-2011-1096