Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J

The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.

References

https://nvd.nist.gov/vuln/detail/CVE-2011-2487
https://bugzilla.redhat.com/show_bug.cgi?id=713539
https://exchange.xforce.ibmcloud.com/vulnerabilities/81737
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E
https://www.nds.ruhr-uni-bochum.de/research/publications/breaking-xml-encryption-pkcs15/
http://cxf.apache.org/note-on-cve-2011-2487.html
http://rhn.redhat.com/errata/RHSA-2013-0191.html
http://rhn.redhat.com/errata/RHSA-2013-0192.html
http://rhn.redhat.com/errata/RHSA-2013-0194.html
http://rhn.redhat.com/errata/RHSA-2013-0195.html
http://rhn.redhat.com/errata/RHSA-2013-0196.html
http://rhn.redhat.com/errata/RHSA-2013-0198.html
http://rhn.redhat.com/errata/RHSA-2013-0221.html
https://access.redhat.com/errata/RHSA-2013:0191
https://access.redhat.com/errata/RHSA-2013:0192
https://access.redhat.com/errata/RHSA-2013:0193
https://access.redhat.com/errata/RHSA-2013:0194
https://access.redhat.com/errata/RHSA-2013:0195
https://access.redhat.com/errata/RHSA-2013:0196
https://access.redhat.com/errata/RHSA-2013:0197
https://access.redhat.com/errata/RHSA-2013:0198
https://access.redhat.com/errata/RHSA-2013:0221
https://access.redhat.com/errata/RHSA-2013:0533
https://access.redhat.com/errata/RHSA-2013:0953
https://access.redhat.com/security/cve/CVE-2011-2487
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
https://web.archive.org/web/20210122063156/http://www.securityfocus.com/bid/57549
http://rhn.redhat.com/errata/RHSA-2013-0193.html

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Package

Affected versions

Patched versions

Description

References

Severity

CVSS base metrics

Weaknesses

CVE ID

GHSA ID

Source code