CVE-2011-1096
Published Nov 23, 2012
Last updated 2 years ago
Overview
- Description
- The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on SOAP responses, aka "character encoding pattern attack."
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-310
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "300258C1-80FD-405D-850E-47A551818C10",
"versionEndIncluding": "5.2.1"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3221242F-802E-418B-BC9D-CFA200D99171"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5472541F-ED83-4656-AE18-1642F571D294"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "97165B18-1078-4215-94DA-0B6C4228056E"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A62117F2-5513-4998-8FDC-64564BBD00EC"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D66D2843-0273-4A3A-A9D1-48BBB15031B7"
}
],
"operator": "OR"
}
]
}
]