QwikSec

Security Database

CVE

CWE

Training

CVE-2011-1096

Published: Nov 23, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on SOAP responses, aka "character encoding pattern attack."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://aktuell.ruhr-uni-bochum.de/pm2011/pm00330.html.de

x_refsource_MISC

http://cxf.apache.org/note-on-cve-2011-1096.html

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=681916

x_refsource_MISC

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

http://coheigea.blogspot.com/2012/04/note-on-cve-2011-1096.html

x_refsource_MISC

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vdb-entry

x_refsource_BID

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

jboss-web-services-cbc-info-disc(79031)

vdb-entry

x_refsource_XF

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

http://dl.acm.org/citation.cfm?id=2046756&dl=ACM&coll=DL

x_refsource_MISC

http://www.csoonline.com/article/692366/widely-used-encryption-standard-is-insecure-say-experts

x_refsource_MISC

[cxf-commits] 20190326 svn commit: r1042570 [4/4] - in /websites/production/cxf/content: cache/docs.pageCache docs/jax-rs-http-signature.html docs/jax-rs-jose.html docs/jax-rs-oauth2.html docs/jax-rs-xml-security.html docs/secure-jax-rs-services.html

mailing-list

x_refsource_MLIST

[cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html

mailing-list

x_refsource_MLIST

[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html

mailing-list

x_refsource_MLIST

[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html

mailing-list

x_refsource_MLIST

[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html

mailing-list

x_refsource_MLIST

[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html

mailing-list

x_refsource_MLIST

[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.