seeing is believing
Showing 1 - 13 of 13 RSS Feed

CVE-2011-1096

Status Candidate

Overview

The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on SOAP responses, aka "character encoding pattern attack."

Related Files

Red Hat Security Advisory 2013-0569-01
Posted Feb 27, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0569-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. An attack technique was found against the W3C XML Encryption Standard when block ciphers were used in cipher-block chaining mode. A remote attacker could use this flaw to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram by examining the differences between SOAP responses sent from JBoss Web Services.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2011-1096
MD5 | f1fa6ca3fbcdc196fa2c6137375aa6d8
Red Hat Security Advisory 2013-0261-01
Posted Feb 14, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0261-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. An attack technique was found against the W3C XML Encryption Standard when block ciphers were used in cipher-block chaining mode. A remote attacker could use this flaw to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram by examining the differences between SOAP responses sent from JBoss Web Services.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2011-1096
MD5 | b106655e265edcb5cd12b3d500b438a0
Red Hat Security Advisory 2013-0221-01
Posted Feb 1, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0221-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Various other issues were also addressed.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-1096, CVE-2011-2487, CVE-2011-2730, CVE-2011-4575, CVE-2012-0034, CVE-2012-0874, CVE-2012-3369, CVE-2012-3370, CVE-2012-3546, CVE-2012-5478
MD5 | 28481e8fdfb034ff65e82f80e6540009
Red Hat Security Advisory 2013-0196-01
Posted Jan 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0196-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-1096, CVE-2011-2487, CVE-2011-2730, CVE-2011-2908, CVE-2011-4575, CVE-2012-0034, CVE-2012-0874, CVE-2012-2377, CVE-2012-2379, CVE-2012-3369, CVE-2012-3370, CVE-2012-3546, CVE-2012-5478
MD5 | 9bc277cad34311b9ed1145cfe72e9ce3
Red Hat Security Advisory 2013-0198-01
Posted Jan 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0198-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-1096, CVE-2011-2487, CVE-2011-2730, CVE-2011-2908, CVE-2011-4575, CVE-2012-0874, CVE-2012-2377, CVE-2012-2379, CVE-2012-3369, CVE-2012-3370, CVE-2012-3546, CVE-2012-5478
MD5 | b1595bd4d15992a5c521afe0ea3ce556
Red Hat Security Advisory 2013-0193-01
Posted Jan 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0193-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-1096, CVE-2011-2487, CVE-2011-2730, CVE-2011-2908, CVE-2011-4575, CVE-2012-0034, CVE-2012-0874, CVE-2012-2377, CVE-2012-2379, CVE-2012-3369, CVE-2012-3370, CVE-2012-3546, CVE-2012-5478
MD5 | db35990392efe4e65efd108e8a373277
Red Hat Security Advisory 2013-0197-01
Posted Jan 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0197-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-1096, CVE-2011-2487, CVE-2011-2730, CVE-2011-2908, CVE-2011-4575, CVE-2012-0034, CVE-2012-0874, CVE-2012-2377, CVE-2012-2379, CVE-2012-3369, CVE-2012-3370, CVE-2012-3546, CVE-2012-5478
MD5 | 56de6e2db763f251603aa3b7c3645d72
Red Hat Security Advisory 2013-0194-01
Posted Jan 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0194-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-1096, CVE-2011-2487, CVE-2011-2730, CVE-2011-2908, CVE-2011-4575, CVE-2012-0874, CVE-2012-2377, CVE-2012-2379, CVE-2012-3369, CVE-2012-3370, CVE-2012-3546, CVE-2012-5478
MD5 | 8e4016181cce8bc4cffc90db102a96d6
Red Hat Security Advisory 2013-0195-01
Posted Jan 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0195-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-1096, CVE-2011-2487, CVE-2011-2730, CVE-2011-2908, CVE-2011-4575, CVE-2012-0034, CVE-2012-0874, CVE-2012-2377, CVE-2012-2379, CVE-2012-3369, CVE-2012-3370, CVE-2012-3546, CVE-2012-5478
MD5 | d4f97125223219f34f31c65e909d63db
Red Hat Security Advisory 2013-0192-01
Posted Jan 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0192-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-1096, CVE-2011-2487, CVE-2011-2730, CVE-2011-2908, CVE-2011-4575, CVE-2012-0034, CVE-2012-0874, CVE-2012-2377, CVE-2012-2379, CVE-2012-3369, CVE-2012-3370, CVE-2012-3546, CVE-2012-5478
MD5 | a1dc620065305fff455d9c61c8a3e197
Red Hat Security Advisory 2013-0191-01
Posted Jan 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0191-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-1096, CVE-2011-2487, CVE-2011-2730, CVE-2011-2908, CVE-2011-4575, CVE-2012-0034, CVE-2012-0874, CVE-2012-2377, CVE-2012-2379, CVE-2012-3369, CVE-2012-3370, CVE-2012-3546, CVE-2012-5478
MD5 | d9a177ae77d5a5d614afb6b19fecda3c
Red Hat Security Advisory 2012-1344-01
Posted Oct 8, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1344-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. An attack technique was found against the W3C XML Encryption Standard when block ciphers were used in cipher-block chaining mode. A remote attacker could use this flaw to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram by examining the differences between SOAP responses sent from JBoss Web Services.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2011-1096
MD5 | b5987ecaec1135d3720ef5059dd9296e
Red Hat Security Advisory 2012-1330-01
Posted Oct 4, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1330-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. An attack technique was found against the W3C XML Encryption Standard when block ciphers were used in cipher-block chaining mode. A remote attacker could use this flaw to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram by examining the differences between SOAP responses sent from JBoss Web Services.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2011-1096
MD5 | 2592d2a7fb7b0ba9fa70b3f2e7027c1b
Page 1 of 1
Back1Next

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    22 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close