149 matches found
RHEL 5 : JBoss EAP (RHSA-2013:0192)
Updated JBoss Enterprise Application Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common...
RHEL 6 : JBoss EAP (RHSA-2013:0191)
Updated JBoss Enterprise Application Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common...
RHEL 4 : JBoss EAP (RHSA-2013:0193)
Updated JBoss Enterprise Application Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common...
apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token
Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...
CVE-2011-1096
The W3C XML Encryption Standard, as used in the JBoss Web Services JBossWS component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining CBC mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on...
Input validation
The W3C XML Encryption Standard, as used in the JBoss Web Services JBossWS component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining CBC mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on...
CVE-2011-1096
CVE-2011-1096 affects the W3C XML Encryption usage in the JBoss Web Services CXF stack (jbossws-cxf) within JBoss Enterprise Portal Platform before 5.2.2 and other products. The root cause is CBC-mode block ciphers enabling a chosen-ciphertext attack on SOAP responses, allowing an attacker to rec...
CVE-2011-1096
The W3C XML Encryption Standard, as used in the JBoss Web Services JBossWS component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining CBC mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on...
jbossws: Prone to character encoding pattern attack (XML Encryption flaw)
The W3C XML Encryption Standard, as used in the JBoss Web Services JBossWS component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining CBC mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on...
jbossws: Prone to character encoding pattern attack (XML Encryption flaw)
The W3C XML Encryption Standard, as used in the JBoss Web Services JBossWS component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining CBC mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on...
CentOS Update for xmlsec1 CESA-2011:0486 centos5 x86_64
Check for the Version of xmlsec1 OpenVAS Vulnerability Test CentOS Update for xmlsec1 CESA-2011:0486 centos5 x8664 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
CentOS Update for xmlsec1 CESA-2011:0486 centos5 x86_64
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Debian Security Advisory DSA 2330-1 (simplesamlphp)
The remote host is missing an update to simplesamlphp announced via advisory DSA 2330-1. OpenVAS Vulnerability Test $Id: deb23301.nasl 8970 2018-02-27 15:16:18Z cfischer $ Description: Auto-generated from advisory DSA 2330-1 simplesamlphp Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft...
Debian: Security Advisory (DSA-2330-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DSA 2330-1] simplesamlphp security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2330-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst October 27, 2011 http://www.debian.org/security/faq -...
Debian DSA-2330-1 : simplesamlphp - XML encryption weakness
Issues were found in the handling of XML encryption in simpleSAMLphp, an application for federated authentication. The following two issues have been addressed : It may be possible to use an SP as an oracle to decrypt encrypted messages sent to that SP. It may be possible to use the SP as a key...
DSA-2330-1 simplesamlphp - several
Bulletin has no description...
Researchers Publish New Attack on XML Encryption
Researchers in Germany have developed an attack that enables them to decrypt supposedly private messages sent via XML. Their attack affects messages encrypted with any of the algorithms supported by the XML encryption standard, including DES and AES. The research, done by a group at Ruhr Universi...
CentOS Update for xmlsec1 CESA-2011:0486 centos4 i386
Check for the Version of xmlsec1 OpenVAS Vulnerability Test CentOS Update for xmlsec1 CESA-2011:0486 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
IBM WebSphere Application Server 6.1 < 6.1.0.39 Multiple Vulnerabilities
IBM WebSphere Application Server 6.1 before Fix Pack 39 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities : - Use of an insecure XML encryption algorithm could allow for decryption of JAX-RPC or JAX-WS Web Services requests. PM34841 - A...