The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
13 Feb 2023, 01:19
Type | Values Removed | Values Added |
---|---|---|
Summary | The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack. | |
References |
|
02 Feb 2023, 14:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | A flaw was found in JBoss web services where the services used a weak symmetric encryption protocol, PKCS#1 v1.5. An attacker could use this weakness in chosen-ciphertext attacks to recover the symmetric key and conduct further attacks. |
16 Jun 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Apr 2021, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-03-11 16:15
Updated : 2023-12-10 13:13
NVD link : CVE-2011-2487
Mitre link : CVE-2011-2487
CVE.ORG link : CVE-2011-2487
JSON object : View
Products Affected
redhat
- jboss_enterprise_web_platform
- jboss_portal
- jboss_enterprise_soa_platform
- jboss_business_rules_management_system
- jboss_enterprise_application_platform
- jboss_enterprise_application_platform_text-only_advisories
- jboss_middleware_text-only_advisories
- jboss_web_services
apache
- wss4j
- cxf
CWE
CWE-327
Use of a Broken or Risky Cryptographic Algorithm