CVE-2011-2487

CVSS v3.1 5.9 (Medium)
CVSS v2.0 4.3 (Medium)
EPSS 0.64 % (79th)
Affected Products 10
Advisories 1

The implementations of the PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 are susceptible to a Bleichenbacher attack.

Weaknesses
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
Related CVEs
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2020-03-11 16:15:11
(4 years ago)
Updated Date
2023-02-13 01:19:48
(19 months ago)

Affected Products


Configuration #1

    Product                                                       CPE23                    From       Up To
    Apache Cxf from 2.4.0 version and 2.4.6 and prior versions    cpe:2.3:a:apache:cxf     >= 2.4.0   <= 2.4.6
    Apache Cxf from 2.5.0 version and 2.5.2 and prior versions    cpe:2.3:a:apache:cxf     >= 2.5.0   <= 2.5.2
    Apache Wss4j prior 1.6.5 version                              cpe:2.3:a:apache:wss4j              < 1.6.5

Configuration #2

    Product                                                             CPE23                                                                             From   Up To
    Redhat Jboss Business Rules Management System 5.3                   cpe:2.3:a:redhat:jboss_business_rules_management_system:5.3
    Redhat Jboss Enterprise Application Platform 5.0.0                  cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.0
    Redhat Jboss Enterprise Application Platform Text-only Advisories   cpe:2.3:a:redhat:jboss_enterprise_application_platform_text-only_advisories:-
    Redhat Jboss Enterprise Soa Platform 4.2.0                          cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0
    Redhat Jboss Enterprise Soa Platform 4.3.0                          cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0
    Redhat Jboss Enterprise Web Platform 5.0.0                          cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.0.0
    Redhat Jboss Middleware Text-only Advisories                        cpe:2.3:a:redhat:jboss_middleware_text-only_advisories:-
    Redhat Jboss Portal 4.0.0                                           cpe:2.3:a:redhat:jboss_portal:4.0.0
    Redhat Jboss Web Services                                           cpe:2.3:a:redhat:jboss_web_services:-