Vulnerability in XMLEncryption Key Transport Mechanism in JBossWS and Apache WSS4J
CVE-2011-2487

5.9 MEDIUM

Key Information:

Vendor: Apache
CVE Published: 11 March 2020

Summary

The key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J is affected by a vulnerability that allows an attacker to execute a Bleichenbacher attack. By exploiting this flaw, an attacker could potentially decrypt sensitive information, which compromises the confidentiality of the data being processed. It is essential for organizations utilizing these products to apply the necessary security patches or updates to mitigate the risks associated with this implementation flaw.

Affected Version(s)

JBossWS unknown

WSS4J before 1.6.5

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
