Exploit the possiblities
Showing 1 - 13 of 13 RSS Feed

CVE-2011-1096

Status Candidate

Overview

The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on SOAP responses, aka "character encoding pattern attack."

Related Files

Red Hat Security Advisory 2013-0569-01
Posted Feb 27, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0569-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. An attack technique was found against the W3C XML Encryption Standard when block ciphers were used in cipher-block chaining mode. A remote attacker could use this flaw to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram by examining the differences between SOAP responses sent from JBoss Web Services.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2011-1096
MD5 | f1fa6ca3fbcdc196fa2c6137375aa6d8
Red Hat Security Advisory 2013-0261-01
Posted Feb 14, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0261-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. An attack technique was found against the W3C XML Encryption Standard when block ciphers were used in cipher-block chaining mode. A remote attacker could use this flaw to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram by examining the differences between SOAP responses sent from JBoss Web Services.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2011-1096
MD5 | b106655e265edcb5cd12b3d500b438a0
Red Hat Security Advisory 2013-0221-01
Posted Feb 1, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0221-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Various other issues were also addressed.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-1096, CVE-2011-2487, CVE-2011-2730, CVE-2011-4575, CVE-2012-0034, CVE-2012-0874, CVE-2012-3369, CVE-2012-3370, CVE-2012-3546, CVE-2012-5478
MD5 | 28481e8fdfb034ff65e82f80e6540009
Red Hat Security Advisory 2013-0196-01
Posted Jan 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0196-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-1096, CVE-2011-2487, CVE-2011-2730, CVE-2011-2908, CVE-2011-4575, CVE-2012-0034, CVE-2012-0874, CVE-2012-2377, CVE-2012-2379, CVE-2012-3369, CVE-2012-3370, CVE-2012-3546, CVE-2012-5478
MD5 | 9bc277cad34311b9ed1145cfe72e9ce3
Red Hat Security Advisory 2013-0198-01
Posted Jan 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0198-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-1096, CVE-2011-2487, CVE-2011-2730, CVE-2011-2908, CVE-2011-4575, CVE-2012-0874, CVE-2012-2377, CVE-2012-2379, CVE-2012-3369, CVE-2012-3370, CVE-2012-3546, CVE-2012-5478
MD5 | b1595bd4d15992a5c521afe0ea3ce556
Red Hat Security Advisory 2013-0193-01
Posted Jan 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0193-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-1096, CVE-2011-2487, CVE-2011-2730, CVE-2011-2908, CVE-2011-4575, CVE-2012-0034, CVE-2012-0874, CVE-2012-2377, CVE-2012-2379, CVE-2012-3369, CVE-2012-3370, CVE-2012-3546, CVE-2012-5478
MD5 | db35990392efe4e65efd108e8a373277
Red Hat Security Advisory 2013-0197-01
Posted Jan 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0197-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-1096, CVE-2011-2487, CVE-2011-2730, CVE-2011-2908, CVE-2011-4575, CVE-2012-0034, CVE-2012-0874, CVE-2012-2377, CVE-2012-2379, CVE-2012-3369, CVE-2012-3370, CVE-2012-3546, CVE-2012-5478
MD5 | 56de6e2db763f251603aa3b7c3645d72
Red Hat Security Advisory 2013-0194-01
Posted Jan 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0194-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-1096, CVE-2011-2487, CVE-2011-2730, CVE-2011-2908, CVE-2011-4575, CVE-2012-0874, CVE-2012-2377, CVE-2012-2379, CVE-2012-3369, CVE-2012-3370, CVE-2012-3546, CVE-2012-5478
MD5 | 8e4016181cce8bc4cffc90db102a96d6
Red Hat Security Advisory 2013-0195-01
Posted Jan 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0195-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-1096, CVE-2011-2487, CVE-2011-2730, CVE-2011-2908, CVE-2011-4575, CVE-2012-0034, CVE-2012-0874, CVE-2012-2377, CVE-2012-2379, CVE-2012-3369, CVE-2012-3370, CVE-2012-3546, CVE-2012-5478
MD5 | d4f97125223219f34f31c65e909d63db
Red Hat Security Advisory 2013-0192-01
Posted Jan 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0192-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-1096, CVE-2011-2487, CVE-2011-2730, CVE-2011-2908, CVE-2011-4575, CVE-2012-0034, CVE-2012-0874, CVE-2012-2377, CVE-2012-2379, CVE-2012-3369, CVE-2012-3370, CVE-2012-3546, CVE-2012-5478
MD5 | a1dc620065305fff455d9c61c8a3e197
Red Hat Security Advisory 2013-0191-01
Posted Jan 25, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0191-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.

tags | advisory, remote, web, arbitrary
systems | linux, redhat
advisories | CVE-2009-5066, CVE-2011-1096, CVE-2011-2487, CVE-2011-2730, CVE-2011-2908, CVE-2011-4575, CVE-2012-0034, CVE-2012-0874, CVE-2012-2377, CVE-2012-2379, CVE-2012-3369, CVE-2012-3370, CVE-2012-3546, CVE-2012-5478
MD5 | d9a177ae77d5a5d614afb6b19fecda3c
Red Hat Security Advisory 2012-1344-01
Posted Oct 8, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1344-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. An attack technique was found against the W3C XML Encryption Standard when block ciphers were used in cipher-block chaining mode. A remote attacker could use this flaw to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram by examining the differences between SOAP responses sent from JBoss Web Services.

tags | advisory, java, remote, web
systems | linux, redhat
advisories | CVE-2011-1096
MD5 | b5987ecaec1135d3720ef5059dd9296e
Red Hat Security Advisory 2012-1330-01
Posted Oct 4, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1330-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. An attack technique was found against the W3C XML Encryption Standard when block ciphers were used in cipher-block chaining mode. A remote attacker could use this flaw to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram by examining the differences between SOAP responses sent from JBoss Web Services.

tags | advisory, remote, web
systems | linux, redhat
advisories | CVE-2011-1096
MD5 | 2592d2a7fb7b0ba9fa70b3f2e7027c1b
Page 1 of 1
Back1Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

January 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    13 Files
  • 3
    Jan 3rd
    16 Files
  • 4
    Jan 4th
    39 Files
  • 5
    Jan 5th
    26 Files
  • 6
    Jan 6th
    40 Files
  • 7
    Jan 7th
    2 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    25 Files
  • 10
    Jan 10th
    28 Files
  • 11
    Jan 11th
    44 Files
  • 12
    Jan 12th
    32 Files
  • 13
    Jan 13th
    2 Files
  • 14
    Jan 14th
    4 Files
  • 15
    Jan 15th
    31 Files
  • 16
    Jan 16th
    15 Files
  • 17
    Jan 17th
    16 Files
  • 18
    Jan 18th
    24 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    5 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close