Vulnerability Details : CVE-2011-1096
The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on SOAP responses, aka "character encoding pattern attack."
Products affected by CVE-2011-1096
- cpe:2.3:a:redhat:jboss_enterprise_portal_platform:*:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_portal_platform:5.2.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-1096
- 0.43%: probability of exploitation activity in the next 30 days
- ~71%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-1096
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2011-1096
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-1096
- http://cxf.apache.org/note-on-cve-2011-1096.html
  Apache CXF -- Note on CVE-2011-1096
- http://rhn.redhat.com/errata/RHSA-2013-0194.html
  RHSA-2013:0194 - Security Advisory - Red Hat Customer Portal
- http://rhn.redhat.com/errata/RHSA-2013-0196.html
  RHSA-2013:0196 - Security Advisory - Red Hat Customer Portal
- https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
  svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html - Apache Mail Archives
- http://rhn.redhat.com/errata/RHSA-2013-0197.html
  Red Hat Customer Portal
- http://rhn.redhat.com/errata/RHSA-2013-0191.html
  RHSA-2013:0191 - Security Advisory - Red Hat Customer Portal
- http://rhn.redhat.com/errata/RHSA-2013-0193.html
  Red Hat Customer Portal
- https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
  svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html - Apache Mail Archives
- http://www.csoonline.com/article/692366/widely-used-encryption-standard-is-insecure-say-experts
- http://rhn.redhat.com/errata/RHSA-2013-1437.html
  Red Hat Customer Portal
- https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
  svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html - Apache Mail Archives
- https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
  svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html - Apache Mail Archives
- http://rhn.redhat.com/errata/RHSA-2013-0195.html
  RHSA-2013:0195 - Security Advisory - Red Hat Customer Portal
- http://rhn.redhat.com/errata/RHSA-2013-0261.html
  RHSA-2013:0261 - Security Advisory - Red Hat Customer Portal
- https://bugzilla.redhat.com/show_bug.cgi?id=681916
  681916 – (CVE-2011-1096) CVE-2011-1096 jbossws: Prone to character encoding pattern attack (XML Encryption flaw)
- https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
  svn commit: r1055336 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-12423.txt.asc security-advisories.data/CVE-2019-17573.txt.asc security-advisories.htm
- http://rhn.redhat.com/errata/RHSA-2012-1344.html
  Red Hat Customer Portal
- http://rhn.redhat.com/errata/RHSA-2012-1330.html
  Red Hat Customer Portal
- http://coheigea.blogspot.com/2012/04/note-on-cve-2011-1096.html
  Open Source Security: Note on CVE-2011-1096
- https://lists.apache.org/thread.html/8d5d29747548a24cccdb7f3e2d4d599ffb7ffe4537426b3c9a852cf4%40%3Ccommits.cxf.apache.org%3E
  svn commit: r1042570 [4/4] - in /websites/production/cxf/content: cache/docs.pageCache docs/jax-rs-http-signature.html docs/jax-rs-jose.html docs/jax-rs-oauth2.html docs/jax-rs-xml-security.html docs/
- http://www.securityfocus.com/bid/55770
  JBoss Web Services W3C XML Encryption Standard Information Disclosure Vulnerability
- http://rhn.redhat.com/errata/RHSA-2013-0192.html
  RHSA-2013:0192 - Security Advisory - Red Hat Customer Portal
- http://dl.acm.org/citation.cfm?id=2046756&dl=ACM&coll=DL
  How to break XML encryption
- http://rhn.redhat.com/errata/RHSA-2013-0221.html
  RHSA-2013:0221 - Security Advisory - Red Hat Customer Portal
- http://rhn.redhat.com/errata/RHSA-2012-1301.html
  Red Hat Customer Portal
- http://rhn.redhat.com/errata/RHSA-2013-0198.html
  RHSA-2013:0198 - Security Advisory - Red Hat Customer Portal
- http://aktuell.ruhr-uni-bochum.de/pm2011/pm00330.html.de
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79031
  JBoss Web Services CBC information disclosure CVE-2011-1096 Vulnerability Report
- https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
  svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html - Apache Mail Archives