Lucene search
K

149 matches found

Debian CVE
Debian CVE
added 2019/11/06 2:53 p.m.26 views

CVE-2011-4625

simplesamlphp before 1.6.3 squeeze and before 1.8.2 sid incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages...

7.5CVSS7.5AI score0.00744EPSS
Exploits0
CVE
CVE
added 2019/11/06 2:53 p.m.66 views

CVE-2011-4625

The CVE-2011-4625 entry concerns simplesamlphp and its XML encryption handling. In affected versions (before 1.6.3 for squeeze and before 1.8.2 for sid), the software allegedly mishandles XML encryption, which could allow remote attackers to decrypt or forge messages. The connected documents conf...

7.5CVSS7.4AI score0.00744EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/11/06 2:53 p.m.29 views

CVE-2011-4625

simplesamlphp before 1.6.3 squeeze and before 1.8.2 sid incorrectly handles XML encryption which could allow remote attackers to decrypt or forge messages...

7.5AI score0.00744EPSS
Exploits0References2
Veracode
Veracode
added 2019/05/02 4:46 a.m.41 views

Privilege Escalation

An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...

5.9CVSS7AI score0.15561EPSS
Exploits7References34Affected Software63
Veracode
Veracode
added 2019/05/02 4:46 a.m.39 views

Privilege Escalation

An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...

5.9CVSS7AI score0.15561EPSS
Exploits7References38Affected Software63
Veracode
Veracode
added 2019/05/02 4:46 a.m.55 views

Privilege Escalation

An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...

5.9CVSS7AI score0.15561EPSS
Exploits7References36Affected Software63
Veracode
Veracode
added 2019/05/02 4:46 a.m.64 views

Information Disclosure

An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...

5.9CVSS7AI score0.15561EPSS
Exploits7References42Affected Software63
Veracode
Veracode
added 2019/05/02 4:46 a.m.46 views

Weak Authentication

An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...

5.9CVSS7AI score0.15561EPSS
Exploits7References40Affected Software63
Veracode
Veracode
added 2019/05/02 4:46 a.m.52 views

Information Disclosure

An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...

5.9CVSS7AI score0.15561EPSS
Exploits7References36Affected Software63
Veracode
Veracode
added 2019/05/02 4:46 a.m.63 views

Cross Site Scripting (XSS)

An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. CVE-2011-1096 JBoss Web Services leaked side-channe...

5.9CVSS7AI score0.15561EPSS
Exploits7References43Affected Software63
Veracode
Veracode
added 2019/05/02 4:45 a.m.33 views

Authentication Bypass

JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. This release serves as a replacement for JBoss Enterprise Application Platform 6.0.1, and includes bug fixes and enhancements. Refer to the 6.1.0 Release Notes for information on the...

5.9CVSS5.8AI score0.06322EPSS
Exploits0References7Affected Software141
Veracode
Veracode
added 2019/01/15 8:54 a.m.41 views

XML Encryption Backwards Compatibility Attack

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...

6.4CVSS5.9AI score0.06322EPSS
Exploits0References30Affected Software142
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/17 1:5 p.m.30 views

Security Bulletin: Vulnerabilities in WSS4J affects IBM Cúram (CVE-2015-0226 & CVE-2015-0227 )

Summary IBM Cúram is shipped with a third party library called WSS4J, which is vulnerable to an attack on XML Encryption. WSS4J also fails to properly enforce the requireSignedEncryptedDataElements property which leaves it vulnerable to XML Signature wrapping attacks . Vulnerability Details CVEID...

7.5CVSS0.3AI score0.07543EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 7:3 a.m.29 views

Security Bulletin: Multiple Security Vulnerabilities fixed in IBM WebSphere Application Server 8.5.5.6

Summary Cross reference list for security vulnerabilites fixed in IBM WebSphere Application Server 8.5.5.6, IBM WebSphere Application Server Hypervisor 8.5.5.6 and IBM WebSphere Application Server Liberty Profile 8.5.5.6. Vulnerability Details CVEID: CVE-2015-0226 DESCRIPTION: Apache WSS4J could...

9.3CVSS0.6AI score0.16677EPSS
Exploits1Affected Software3
Cent OS
Cent OS
added 2017/08/31 6:59 p.m.97 views

xmlsec1 security update

CentOS Errata and Security Advisory CESA-2017:2492 An update for xmlsec1 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

7.1CVSS6.8AI score0.01341EPSS
Exploits0References7
Kitploit
Kitploit
added 2017/08/06 11:35 p.m.16 views

WS-Attacker v1.8 - Modular Framework For Web Services Penetration Testing

WS-Attacker is a modular framework for web services penetration testing. It is developed by the Chair of Network and Data Security, Ruhr University Bochum http://nds.rub.de/ and the Hackmanit GmbH http://hackmanit.de/ . The basic idea behind WS-Attacker is to provide a functionality to load WSDL...

7.1AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2016/06/30 9:6 p.m.5 views

wss4j: Apache WSS4J is vulnerable to Bleichenbacher's attack (incomplete fix for CVE-2011-2487)

It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption CVE-2011-2487 threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote...

7.5CVSS6.5AI score0.05501EPSS
Exploits0References4
n0where
n0where
added 2015/07/21 10:53 p.m.56 views

Web Services Penetration Testing: WS-Attacker

WS-Attacker is a modular framework for web services penetration testing. It is developed by the Chair of Network and Data Security, Ruhr University Bochum http://nds.rub.de/ and the Hackmanit GmbH http://hackmanit.de/ . The basic idea behind WS-Attacker is to provide a functionality to load WSDL...

0.2AI score
Exploits0References1
RedHat Linux
RedHat Linux
added 2015/06/23 4:52 p.m.3 views

wss4j: Apache WSS4J is vulnerable to Bleichenbacher's attack (incomplete fix for CVE-2011-2487)

It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption CVE-2011-2487 threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote...

7.5CVSS6.5AI score0.05501EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/06/23 4:52 p.m.1 views

wss4j: Apache WSS4J is vulnerable to Bleichenbacher's attack (incomplete fix for CVE-2011-2487)

It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption CVE-2011-2487 threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote...

7.5CVSS6.5AI score0.05501EPSS
Exploits0References4
Rows per page
Query Builder