CVE-2011-2487

Severity CVSS v4.0: Pending analysis
Type: CWE-327 Use of a Broken or Risky Cryptographic Algorithm
Publication date: 11/03/2020
Last modified: 21/11/2024

Description

The implementations of the PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 are susceptible to a Bleichenbacher attack.

Vulnerable products and versions

| CPE | From | Up to |
| --- | --- | --- |
| cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:* | 2.4.0 (including) | 2.4.6 (including) |
| cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:* | 2.5.0 (including) | 2.5.2 (including) |
| cpe:2.3:a:apache:wss4j:*:*:*:*:*:*:*:* | | 1.6.5 (excluding) |
| cpe:2.3:a:redhat:jboss_business_rules_management_system:5.3:*:*:*:*:*:*:* | | |
| cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.0:*:*:*:*:*:*:* | | |
| cpe:2.3:a:redhat:jboss_enterprise_application_platform_text-only_advisories:-:*:*:*:*:*:*:* | | |
| cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:*:*:*:*:*:*:* | | |
| cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:*:*:*:*:*:*:* | | |
| cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.0.0:*:*:*:*:*:*:* | | |
| cpe:2.3:a:redhat:jboss_middleware_text-only_advisories:-:*:*:*:*:*:*:* | | |
| cpe:2.3:a:redhat:jboss_portal:4.0.0:*:*:*:*:*:*:* | | |
| cpe:2.3:a:redhat:jboss_web_services:-:*:*:*:*:*:*:* | | |


References to Advisories, Solutions, and Tools