41 matches found
EUVD-2011-1110
Malware in sbrugna...
RHEL 6 : jbossws-common (RHSA-2011:1303)
The remote Redhat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2011:1303 advisory. The jbossws-common package provides JBoss Web Services Native, a web service framework included as part of JBoss Enterprise Web Platform. It implemen...
SUSE CVE-2011-2487
The implementations of PKCS1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack...
Denial Of Service (DoS)
jbossws-common is vulnerable to denial of service DoS. The vulnerability exists as it was found that JBoss Web Services Native did not properly protect against recursive entity resolution when processing Document Type Definitions DTD. A remote attacker could exploit this flaw by sending a...
Information Disclosure
An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...
RHEL 4 : JBoss EWP (RHSA-2013:0197)
Updated JBoss Enterprise Web Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability...
jbossws: Prone to Bleichenbacher attack against to be distributed symmetric key
A flaw was found in JBoss web services where the services used a weak symmetric encryption protocol, PKCS1 v1.5. An attacker could use this weakness in chosen-ciphertext attacks to recover the symmetric key and conduct further attacks...
jbossws: Prone to character encoding pattern attack (XML Encryption flaw)
The W3C XML Encryption Standard, as used in the JBoss Web Services JBossWS component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining CBC mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on...
jbossws: Prone to Bleichenbacher attack against to be distributed symmetric key
A flaw was found in JBoss web services where the services used a weak symmetric encryption protocol, PKCS1 v1.5. An attacker could use this weakness in chosen-ciphertext attacks to recover the symmetric key and conduct further attacks...
jbossws: Prone to character encoding pattern attack (XML Encryption flaw)
The W3C XML Encryption Standard, as used in the JBoss Web Services JBossWS component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining CBC mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on...
Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 5.2.0 security update
An update for JBoss Enterprise Application Platform 5.2.0 which fixes two security issues is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which gi...
jbossws: Prone to character encoding pattern attack (XML Encryption flaw)
The W3C XML Encryption Standard, as used in the JBoss Web Services JBossWS component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining CBC mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on...
jbossws: Prone to Bleichenbacher attack against to be distributed symmetric key
A flaw was found in JBoss web services where the services used a weak symmetric encryption protocol, PKCS1 v1.5. An attacker could use this weakness in chosen-ciphertext attacks to recover the symmetric key and conduct further attacks...
jbossws: Prone to Bleichenbacher attack against to be distributed symmetric key
A flaw was found in JBoss web services where the services used a weak symmetric encryption protocol, PKCS1 v1.5. An attacker could use this weakness in chosen-ciphertext attacks to recover the symmetric key and conduct further attacks...
jbossws: Prone to character encoding pattern attack (XML Encryption flaw)
The W3C XML Encryption Standard, as used in the JBoss Web Services JBossWS component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining CBC mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on...
jbossws: Prone to Bleichenbacher attack against to be distributed symmetric key
A flaw was found in JBoss web services where the services used a weak symmetric encryption protocol, PKCS1 v1.5. An attacker could use this weakness in chosen-ciphertext attacks to recover the symmetric key and conduct further attacks...
jbossws: Prone to Bleichenbacher attack against to be distributed symmetric key
A flaw was found in JBoss web services where the services used a weak symmetric encryption protocol, PKCS1 v1.5. An attacker could use this weakness in chosen-ciphertext attacks to recover the symmetric key and conduct further attacks...
jbossws: Prone to character encoding pattern attack (XML Encryption flaw)
The W3C XML Encryption Standard, as used in the JBoss Web Services JBossWS component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining CBC mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on...
jbossws: Prone to Bleichenbacher attack against to be distributed symmetric key
A flaw was found in JBoss web services where the services used a weak symmetric encryption protocol, PKCS1 v1.5. An attacker could use this weakness in chosen-ciphertext attacks to recover the symmetric key and conduct further attacks...
jbossws: Prone to character encoding pattern attack (XML Encryption flaw)
The W3C XML Encryption Standard, as used in the JBoss Web Services JBossWS component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining CBC mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on...