Red Hat Security Advisory 2013-0569-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. An attack technique was found against the W3C XML Encryption Standard when block ciphers were used in cipher-block chaining mode. A remote attacker could use this flaw to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram by examining the differences between SOAP responses sent from JBoss Web Services.
2587795973b4187dc98f0e3534f371af6311704b4e1d0fe7f9329c9f572d2026Red Hat Security Advisory 2013-0261-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. An attack technique was found against the W3C XML Encryption Standard when block ciphers were used in cipher-block chaining mode. A remote attacker could use this flaw to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram by examining the differences between SOAP responses sent from JBoss Web Services.
ddfa5837441b7da3bc16065ca28478905fe604e73e77664405893ddffc44a360Red Hat Security Advisory 2013-0221-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Various other issues were also addressed.
c133995bc80c245088b98a9f6640b2d8a100dbd956d92d7e225fb207bac9f70cRed Hat Security Advisory 2013-0196-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.
2f420dc5393c68f141cd8470fbff93566527c142e6919016b8d51d958b72e142Red Hat Security Advisory 2013-0198-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.
30193e7918c18174e09b0fc9317ff36e69fa478524e48a046aad05faefd491bdRed Hat Security Advisory 2013-0193-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.
203d4183f97a0b72534165eefaad1051ab80c5b6e961528dfdb812f736af75d9Red Hat Security Advisory 2013-0197-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.
d097fde655669dd117b8c1860e4328722d06635f85f615a47f270510adf54dffRed Hat Security Advisory 2013-0194-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.
751484bde4f1d4f095ab8daed96a50cce4a169426c1d76fcee30df63f7518f50Red Hat Security Advisory 2013-0195-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.
8b8aad75ccadcdd4a085ff3236bb83492d636516074fac3d37e0f2b2765dad09Red Hat Security Advisory 2013-0192-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.
decf7b548527298e14368750ef10bad42cfe81748596c00c8a51d19ab1bd60eeRed Hat Security Advisory 2013-0191-01 - An attack technique against the W3C XML Encryption Standard when block ciphers were used in CBC mode could allow a remote attacker to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram. JBoss Web Services leaked side-channel data when distributing symmetric keys, allowing a remote attacker to recover the entire plain text form of a symmetric key. Spring framework could possibly evaluate Expression Language expressions twice, allowing a remote attacker to execute arbitrary code in the context of the application server, or to obtain sensitive information from the server. Manual action is required to apply this fix.
0118f719b859c9ded96e3c08f5bd52ca98c57d394f73c70376f8c790151e7a7fRed Hat Security Advisory 2012-1344-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. An attack technique was found against the W3C XML Encryption Standard when block ciphers were used in cipher-block chaining mode. A remote attacker could use this flaw to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram by examining the differences between SOAP responses sent from JBoss Web Services.
ea965db75ccab2bc911e17e369001d135c14c39a71c3d7f46b9a1ff0db688bceRed Hat Security Advisory 2012-1330-01 - JBoss Enterprise SOA Platform is the next-generation ESB and business process automation infrastructure. JBoss Enterprise SOA Platform allows IT to leverage existing, modern, and future integration methodologies to dramatically improve business process execution speed and quality. An attack technique was found against the W3C XML Encryption Standard when block ciphers were used in cipher-block chaining mode. A remote attacker could use this flaw to conduct chosen-ciphertext attacks, leading to the recovery of the entire plain text of a particular cryptogram by examining the differences between SOAP responses sent from JBoss Web Services.
b0660d2da235050da4ecdda2095a5a9f1d32bfeb0603f49dd5d66237d4f1ccd9
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed