Lucene search
K

149 matches found

RedHat Linux
RedHat Linux
added 2015/04/16 4:26 p.m.71 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.0 update

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.0, and fix multiple security issues, several bugs, and add various enhancements, are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact...

7.5CVSS6.6AI score0.07543EPSS
Exploits0References54
RedHat Linux
RedHat Linux
added 2015/04/16 4:26 p.m.6 views

wss4j: Apache WSS4J is vulnerable to Bleichenbacher's attack (incomplete fix for CVE-2011-2487)

It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption CVE-2011-2487 threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote...

7.5CVSS6.5AI score0.05501EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/04/16 4:17 p.m.2 views

wss4j: Apache WSS4J is vulnerable to Bleichenbacher's attack (incomplete fix for CVE-2011-2487)

It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption CVE-2011-2487 threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote...

7.5CVSS6.5AI score0.05501EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/04/16 4:13 p.m.57 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.0 update

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.0, and fix multiple security issues, several bugs, and add various enhancements, are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact...

7.5CVSS6.6AI score0.07543EPSS
Exploits0References54
RedHat Linux
RedHat Linux
added 2015/04/16 4:13 p.m.5 views

wss4j: Apache WSS4J is vulnerable to Bleichenbacher's attack (incomplete fix for CVE-2011-2487)

It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption CVE-2011-2487 threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote...

7.5CVSS6.5AI score0.05501EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2015/04/16 3:39 p.m.11 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.0 update

Updated packages that provide Red Hat JBoss Enterprise Application Platform 6.4.0, and fix multiple security issues, several bugs, and add various enhancements, are now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Important security impact...

7.5CVSS7AI score0.98685EPSS
Exploits0References10
RedHat Linux
RedHat Linux
added 2015/04/01 2:48 p.m.4 views

wss4j: Apache WSS4J is vulnerable to Bleichenbacher's attack (incomplete fix for CVE-2011-2487)

It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption CVE-2011-2487 threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote...

7.5CVSS6.5AI score0.05501EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2014/11/08 12:0 a.m.62 views

RHEL 4 : JBoss EWP (RHSA-2013:0197)

Updated JBoss Enterprise Web Platform 5.2.0 packages that fix multiple security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability...

10CVSS7.8AI score0.15561EPSS
Exploits7References30
Tenable Nessus
Tenable Nessus
added 2014/11/08 12:0 a.m.46 views

RHEL 5 : JBoss Enterprise Web Platform 5.2.0 update (Important) (RHSA-2013:0196)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:0196 advisory. An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduc...

10CVSS8.4AI score0.15561EPSS
Exploits7References32
Fedora
Fedora
added 2014/11/07 2:30 a.m.32 views

[SECURITY] Fedora 20 Update: xml-security-1.5.7-1.fc20

The XML Security project is aimed at providing implementation of security standards for XML. Currently the focus is on the W3C standards : - XML-Signature Syntax and Processing; and - XML Encryption Syntax and Processing...

4.3CVSS1.9AI score0.08863EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2013/10/16 4:45 p.m.4 views

apache-cxf: XML encryption backwards compatibility attacks

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...

6.4CVSS6.9AI score0.06322EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2013/10/16 4:45 p.m.8 views

Important: Red Hat Security Advisory: Red Hat JBoss Portal 6.1.0 update

Red Hat JBoss Portal 6.1.0, which fixes multiple security issues and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give...

6.8CVSS7.4AI score0.32259EPSS
Exploits11References14
Prion
Prion
added 2013/08/19 11:55 p.m.36 views

Code injection

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...

6.4CVSS6.9AI score0.06322EPSS
Exploits0References21Affected Software6
CVE
CVE
added 2013/08/19 11:0 p.m.122 views

CVE-2012-5575

CVE-2012-5575 affects Apache CXF: versions 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 do not verify that the chosen cryptographic algorithm is allowed by WS-SecurityPolicy AlgorithmSuite before decrypting, enabling an attacker to coerce the use of weaker algorithms an...

6.4CVSS5.7AI score0.06322EPSS
Exploits0References21Affected Software6
Cvelist
Cvelist
added 2013/08/19 11:0 p.m.53 views

CVE-2012-5575

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...

5.5AI score0.06322EPSS
Exploits0References21
EUVD
EUVD
added 2013/08/19 11:0 p.m.9 views

EUVD-2022-3062

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...

6.4CVSS5.8AI score0.06322EPSS
Exploits0References41
RedHat Linux
RedHat Linux
added 2013/07/09 5:35 p.m.6 views

apache-cxf: XML encryption backwards compatibility attacks

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...

6.4CVSS6.9AI score0.06322EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2013/07/09 5:35 p.m.62 views

Important: Red Hat Security Advisory: Fuse ESB Enterprise 7.1.0 update

Fuse ESB Enterprise 7.1.0 roll up patch 1, which fixes multiple security issues and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores,...

7.5CVSS6.8AI score0.32259EPSS
Exploits6References8
RedHat Linux
RedHat Linux
added 2013/07/01 3:10 p.m.40 views

Important: Red Hat Security Advisory: Red Hat JBoss BRMS 5.3.1 update

Red Hat JBoss BRMS 5.3.1 roll up patch 2, which fixes multiple security issues and various bugs, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores,...

6.4CVSS6.6AI score0.12098EPSS
Exploits2References5
RedHat Linux
RedHat Linux
added 2013/07/01 3:10 p.m.9 views

apache-cxf: XML encryption backwards compatibility attacks

Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers to force CXF to use weaker cryptographic...

6.4CVSS6.9AI score0.06322EPSS
Exploits0References6
Rows per page
Query Builder