Lucene search
K

149 matches found

Tenable Nessus
Tenable Nessus
added 2013/01/24 12:0 a.m.63 views

RHEL 5 : JBoss EAP (RHSA-2013:0192)

Updated JBoss Enterprise Application Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. Common...

10CVSS7.7AI score0.15561EPSS
Exploits7References30
Tenable Nessus
Tenable Nessus
added 2013/01/24 12:0 a.m.76 views

RHEL 6 : JBoss EAP (RHSA-2013:0191)

Updated JBoss Enterprise Application Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common...

10CVSS0.4AI score0.15561EPSS
Exploits7References30
Tenable Nessus
Tenable Nessus
added 2013/01/24 12:0 a.m.52 views

RHEL 4 : JBoss EAP (RHSA-2013:0193)

Updated JBoss Enterprise Application Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common...

10CVSS7.7AI score0.15561EPSS
Exploits7References30
RedHat Linux
RedHat Linux
added 2012/12/18 10:43 p.m.2 views

apache-cxf: Apache CXF does not verify that elements were signed / encrypted by a particular Supporting Token

Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1, when a Supporting Token specifies a child WS-SecurityPolicy 1.1 or 1.2 policy, does not properly ensure that an XML element is signed or encrypted, which has unspecified impact and attack vectors...

10CVSS6.5AI score0.04112EPSS
Exploits1References5
NVD
NVD
added 2012/11/23 8:55 p.m.24 views

CVE-2011-1096

The W3C XML Encryption Standard, as used in the JBoss Web Services JBossWS component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining CBC mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on...

5CVSS5.5AI score0.02587EPSS
Exploits0References31
Prion
Prion
added 2012/11/23 8:55 p.m.21 views

Input validation

The W3C XML Encryption Standard, as used in the JBoss Web Services JBossWS component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining CBC mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on...

5CVSS6.8AI score0.02587EPSS
Exploits0References31Affected Software1
CVE
CVE
added 2012/11/23 8:0 p.m.91 views

CVE-2011-1096

CVE-2011-1096 affects the W3C XML Encryption usage in the JBoss Web Services CXF stack (jbossws-cxf) within JBoss Enterprise Portal Platform before 5.2.2 and other products. The root cause is CBC-mode block ciphers enabling a chosen-ciphertext attack on SOAP responses, allowing an attacker to rec...

5CVSS5.6AI score0.02587EPSS
Exploits0References31Affected Software1
Cvelist
Cvelist
added 2012/11/23 8:0 p.m.49 views

CVE-2011-1096

The W3C XML Encryption Standard, as used in the JBoss Web Services JBossWS component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining CBC mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on...

5.5AI score0.02587EPSS
Exploits0References31
RedHat Linux
RedHat Linux
added 2012/10/08 4:38 p.m.4 views

jbossws: Prone to character encoding pattern attack (XML Encryption flaw)

The W3C XML Encryption Standard, as used in the JBoss Web Services JBossWS component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining CBC mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on...

5CVSS6.5AI score0.02587EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2012/10/03 3:8 p.m.3 views

jbossws: Prone to character encoding pattern attack (XML Encryption flaw)

The W3C XML Encryption Standard, as used in the JBoss Web Services JBossWS component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining CBC mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on...

5CVSS6.5AI score0.02587EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2012/07/30 12:0 a.m.26 views

CentOS Update for xmlsec1 CESA-2011:0486 centos5 x86_64

Check for the Version of xmlsec1 OpenVAS Vulnerability Test CentOS Update for xmlsec1 CESA-2011:0486 centos5 x8664 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

5.1CVSS8.1AI score0.08057EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2012/07/30 12:0 a.m.27 views

CentOS Update for xmlsec1 CESA-2011:0486 centos5 x86_64

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

5.1CVSS5.2AI score0.08057EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2012/02/11 12:0 a.m.21 views

Debian Security Advisory DSA 2330-1 (simplesamlphp)

The remote host is missing an update to simplesamlphp announced via advisory DSA 2330-1. OpenVAS Vulnerability Test $Id: deb23301.nasl 8970 2018-02-27 15:16:18Z cfischer $ Description: Auto-generated from advisory DSA 2330-1 simplesamlphp Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft...

7.6AI score0.00744EPSS
Exploits0
OpenVAS
OpenVAS
added 2012/02/11 12:0 a.m.19 views

Debian: Security Advisory (DSA-2330-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS7.6AI score0.00744EPSS
Exploits0References3
securityvulns
securityvulns
added 2011/11/06 12:0 a.m.66 views

[SECURITY] [DSA 2330-1] simplesamlphp security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2330-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst October 27, 2011 http://www.debian.org/security/faq -...

0.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2011/10/28 12:0 a.m.11 views

Debian DSA-2330-1 : simplesamlphp - XML encryption weakness

Issues were found in the handling of XML encryption in simpleSAMLphp, an application for federated authentication. The following two issues have been addressed : It may be possible to use an SP as an oracle to decrypt encrypted messages sent to that SP. It may be possible to use the SP as a key...

5.4AI score
Exploits0References2
OSV
OSV
added 2011/10/27 12:0 a.m.11 views

DSA-2330-1 simplesamlphp - several

Bulletin has no description...

7.5CVSS7.5AI score0.00744EPSS
Exploits0
ThreatPost
ThreatPost
added 2011/10/24 4:12 p.m.13 views

Researchers Publish New Attack on XML Encryption

Researchers in Germany have developed an attack that enables them to decrypt supposedly private messages sent via XML. Their attack affects messages encrypted with any of the algorithms supported by the XML encryption standard, including DES and AES. The research, done by a group at Ruhr Universi...

0.6AI score
Exploits0References3
OpenVAS
OpenVAS
added 2011/08/09 12:0 a.m.30 views

CentOS Update for xmlsec1 CESA-2011:0486 centos4 i386

Check for the Version of xmlsec1 OpenVAS Vulnerability Test CentOS Update for xmlsec1 CESA-2011:0486 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

5.1CVSS8.1AI score0.08057EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2011/07/22 12:0 a.m.39 views

IBM WebSphere Application Server 6.1 < 6.1.0.39 Multiple Vulnerabilities

IBM WebSphere Application Server 6.1 before Fix Pack 39 appears to be running on the remote host. As such, it is potentially affected by the following vulnerabilities : - Use of an insecure XML encryption algorithm could allow for decryption of JAX-RPC or JAX-WS Web Services requests. PM34841 - A...

5.8CVSS5.6AI score0.01867EPSS
Exploits1References6
Rows per page
Query Builder