RHEL 5 / 6 : JBoss Enterprise Web Platform 5.2.0 (RHSA-2013:0874)

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:0874 advisory. The Enterprise Web Platform is a slimmed down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and...

com.amazon.aes.webservices.client:ec2-java-client (=20080327), com.cybersource:cybersource-sdk-java (>=6.2.0 <=6.2.1) +83 more potentially affected by CVE-2011-2487 via wss4j:wss4j (>=1.5.0 <=1.5.1)

wss4j:wss4j MAVEN version =1.5.0, =6.2.0, =1.0.12, =9.00.2110.07.220316, =0.0.9, =0.0.3, =0.0.3, =0.0.3, =0.0.3, =0.3.0 - com.github.rapidark:rapid-ark-pretty =0.3.0 - com.github.rapidark:rapid-ark-pretty-demo =0.3.0 - com.github.rapidark:rapid-ark-pretty-demo-keeper =0.3.0 -...

CVE-2011-2487

creationtimestamp| type| source ---|---|--- 2020-03-11 19:32:08+00:00| seen| https://t.me/cibsecurity/10447...

CVE-2011-2487

CVE-2011-2487 is referenced by GitHub advisory GHSA-vjwc-5HFH-2VV5, which notes that Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 leak information about decryption failures when decrypting an encrypted key or message data, making it easier to recover plaintext keys via crafted messages. The ...

Privilege Escalation

An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...

UBUNTU-CVE-2015-0226

Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks information about decryption failures when decrypting an encrypted key or message data, which makes it easier for remote attackers to recover the plaintext form of a symmetric key via a series of crafted messages. NOTE: this...

wss4j: Apache WSS4J is vulnerable to Bleichenbacher's attack (incomplete fix for CVE-2011-2487)

It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption CVE-2011-2487 threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote...

wss4j: Apache WSS4J is vulnerable to Bleichenbacher's attack (incomplete fix for CVE-2011-2487)

It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption CVE-2011-2487 threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote...

RHEL 6 : Red Hat JBoss Enterprise Application Platform 6.4.0 update (Important) (RHSA-2015:0847)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:0847 advisory. Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that a...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.0 update

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.0, and fix multiple security issues, several bugs, and add various enhancements, are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact...

wss4j: Apache WSS4J is vulnerable to Bleichenbacher's attack (incomplete fix for CVE-2011-2487)

It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption CVE-2011-2487 threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.0 update

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.0, and fix multiple security issues, several bugs, and add various enhancements, are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.0 update

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.0, and fix multiple security issues, several bugs, and add various enhancements, are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact...

wss4j: Apache WSS4J is vulnerable to Bleichenbacher's attack (incomplete fix for CVE-2011-2487)

It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption CVE-2011-2487 threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote...

wss4j: Apache WSS4J is vulnerable to Bleichenbacher's attack (incomplete fix for CVE-2011-2487)

It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption CVE-2011-2487 threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote...

Important: Red Hat Security Advisory: Red Hat JBoss Data Grid 6.4.1 update

Red Hat JBoss Data Grid 6.4.1, which fixes several security issues, multiple bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base...

Important: Red Hat Security Advisory: Red Hat JBoss Portal 5.2.2 security update

Red Hat JBoss Portal 5.2.2 roll up patch 1, which fixes multiple security issues and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores,...

Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 6.1.0 update

Updated JBoss Enterprise Application Platform 6.1.0 packages that fix three security issues, various bugs, and add enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability...

Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 5.2.0 update

JBoss Enterprise Application Platform 5.2.0, which fixes multiple security issues, various bugs, and adds several enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability...