CVE-2011-1096

The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on SOAP responses, aka "character encoding pattern attack."
References
http://aktuell.ruhr-uni-bochum.de/pm2011/pm00330.html.de
http://coheigea.blogspot.com/2012/04/note-on-cve-2011-1096.html
http://cxf.apache.org/note-on-cve-2011-1096.html
http://dl.acm.org/citation.cfm?id=2046756&dl=ACM&coll=DL
http://rhn.redhat.com/errata/RHSA-2012-1301.html
http://rhn.redhat.com/errata/RHSA-2012-1330.html
http://rhn.redhat.com/errata/RHSA-2012-1344.html
http://rhn.redhat.com/errata/RHSA-2013-0191.html
http://rhn.redhat.com/errata/RHSA-2013-0192.html
http://rhn.redhat.com/errata/RHSA-2013-0193.html
http://rhn.redhat.com/errata/RHSA-2013-0194.html
http://rhn.redhat.com/errata/RHSA-2013-0195.html
http://rhn.redhat.com/errata/RHSA-2013-0196.html
http://rhn.redhat.com/errata/RHSA-2013-0197.html
http://rhn.redhat.com/errata/RHSA-2013-0198.html
http://rhn.redhat.com/errata/RHSA-2013-0221.html
http://rhn.redhat.com/errata/RHSA-2013-0261.html
http://rhn.redhat.com/errata/RHSA-2013-1437.html
http://secunia.com/advisories/51984
http://secunia.com/advisories/52054
http://www.csoonline.com/article/692366/widely-used-encryption-standard-is-insecure-say-experts
http://www.securityfocus.com/bid/55770
https://bugzilla.redhat.com/show_bug.cgi?id=681916
https://exchange.xforce.ibmcloud.com/vulnerabilities/79031
https://lists.apache.org/thread.html/8d5d29747548a24cccdb7f3e2d4d599ffb7ffe4537426b3c9a852cf4%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
Configurations

Configuration 1

OR cpe:2.3:a:redhat:jboss_enterprise_portal_platform:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.0:*:*:*:*:*:*:*

History

13 Feb 2023, 01:18

Type Values Removed Values Added
Summary
  • Values Removed: CVE-2011-1096 jbossws: Prone to character encoding pattern attack (XML Encryption flaw)
  • Values Added: The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on SOAP responses, aka "character encoding pattern attack."
References
  • (MISC) https://access.redhat.com/errata/RHSA-2012:1344 -
  • (MISC) https://access.redhat.com/errata/RHSA-2013:0191 -
  • (MISC) https://access.redhat.com/errata/RHSA-2013:0196 -
  • (MISC) https://access.redhat.com/errata/RHSA-2013:0569 -
  • (MISC) https://access.redhat.com/errata/RHSA-2013:0194 -
  • (MISC) https://access.redhat.com/errata/RHSA-2013:0261 -
  • (MISC) https://access.redhat.com/errata/RHSA-2013:0197 -
  • (MISC) https://access.redhat.com/errata/RHSA-2013:0192 -
  • (MISC) https://access.redhat.com/errata/RHSA-2013:0221 -
  • (MISC) https://access.redhat.com/errata/RHSA-2012:1330 -
  • (MISC) https://access.redhat.com/errata/RHSA-2013:0193 -
  • (MISC) https://access.redhat.com/security/cve/CVE-2011-1096 -
  • (MISC) https://access.redhat.com/errata/RHSA-2013:0198 -
  • (MISC) https://access.redhat.com/errata/RHSA-2013:0195 -

02 Feb 2023, 15:15

Type Values Removed Values Added
Summary
  • Values Removed: The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on SOAP responses, aka "character encoding pattern attack."
  • Values Added: CVE-2011-1096 jbossws: Prone to character encoding pattern attack (XML Encryption flaw)
References
  • (MLIST) https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E - [cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html
  • (MLIST) https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E - [cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html
  • (MLIST) https://lists.apache.org/thread.html/8d5d29747548a24cccdb7f3e2d4d599ffb7ffe4537426b3c9a852cf4@%3Ccommits.cxf.apache.org%3E - [cxf-commits] 20190326 svn commit: r1042570 [4/4] - in /websites/production/cxf/content: cache/docs.pageCache docs/jax-rs-http-signature.html docs/jax-rs-jose.html docs/jax-rs-oauth2.html docs/jax-rs-xml-security.html docs/secure-jax-rs-services.html
  • (MLIST) https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E - [cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html
  • (MLIST) https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E - [cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html
  • (MLIST) https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c@%3Ccommits.cxf.apache.org%3E - [cxf-commits] 20200116 svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html
  • (MLIST) https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E - [cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html
  • (MISC) https://access.redhat.com/errata/RHSA-2012:1344 -
  • (MISC) https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E -
  • (MISC) https://access.redhat.com/errata/RHSA-2013:0569 -
  • (MISC) https://lists.apache.org/thread.html/8d5d29747548a24cccdb7f3e2d4d599ffb7ffe4537426b3c9a852cf4%40%3Ccommits.cxf.apache.org%3E -
  • (MISC) https://access.redhat.com/errata/RHSA-2013:0193 -
  • (MISC) https://access.redhat.com/errata/RHSA-2013:0198 -
  • (MISC) https://access.redhat.com/errata/RHSA-2013:0191 -
  • (MISC) https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E -
  • (MISC) https://access.redhat.com/errata/RHSA-2013:0194 -
  • (MISC) https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E -
  • (MISC) https://access.redhat.com/errata/RHSA-2013:0197 -
  • (MISC) https://access.redhat.com/errata/RHSA-2013:0192 -
  • (MISC) https://access.redhat.com/errata/RHSA-2012:1330 -
  • (MISC) https://access.redhat.com/errata/RHSA-2013:0195 -
  • (MISC) https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E -
  • (MISC) https://access.redhat.com/errata/RHSA-2013:0196 -
  • (MISC) https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E -
  • (MISC) https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E -
  • (MISC) https://access.redhat.com/errata/RHSA-2013:0261 -
  • (MISC) https://access.redhat.com/errata/RHSA-2013:0221 -
  • (MISC) https://access.redhat.com/security/cve/CVE-2011-1096 -

16 Jun 2021, 12:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E -

02 Apr 2021, 12:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E -

Information

Published : 2012-11-23 20:55

Updated : 2023-12-10 11:16


NVD link : CVE-2011-1096

Mitre link : CVE-2011-1096

CVE.ORG link : CVE-2011-1096



Products Affected

redhat

  • jboss_enterprise_portal_platform
CWE
CWE-310

Cryptographic Issues