medium
5
CWE
310 327
Advisory Published
CVE Published
CVE Published
Updated

CVE-2011-1096

First published: Thu Mar 03 2011(Updated: )

The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on SOAP responses, aka "character encoding pattern attack."

Credit: secalert@redhat.com

Affected SoftwareAffected VersionHow to fix
redhat/aopalliance<0:1.0-5.2.jdk6.ep5.el5
0:1.0-5.2.jdk6.ep5.el5
redhat/apache-cxf<0:2.2.12-6.1.patch_04.ep5.el5
0:2.2.12-6.1.patch_04.ep5.el5
redhat/bsh2<0:2.0-0.b4.15.1.patch01.ep5.el5
0:2.0-0.b4.15.1.patch01.ep5.el5
redhat/glassfish-jaxb<0:2.1.12-12_patch_03.ep5.el5
0:2.1.12-12_patch_03.ep5.el5
redhat/google-guice<0:2.0-3.ep5.el5
0:2.0-3.ep5.el5
redhat/hibernate3<1:3.3.2-1.5.GA_CP05.ep5.el5
1:3.3.2-1.5.GA_CP05.ep5.el5
redhat/hibernate3-annotations<0:3.4.0-3.3.GA_CP05.ep5.el5
0:3.4.0-3.3.GA_CP05.ep5.el5
redhat/hibernate3-entitymanager<0:3.4.0-4.4.GA_CP05.ep5.el5
0:3.4.0-4.4.GA_CP05.ep5.el5
redhat/hibernate3-search<0:3.1.1-2.4.GA_CP05.ep5.el5
0:3.1.1-2.4.GA_CP05.ep5.el5
redhat/jacorb-jboss<0:2.3.2-2.jboss_1.ep5.el5
0:2.3.2-2.jboss_1.ep5.el5
redhat/javassist<0:3.12.0-6.SP1.ep5.el5
0:3.12.0-6.SP1.ep5.el5
redhat/jboss-aop2<0:2.1.6-5.CP06.ep5.el5
0:2.1.6-5.CP06.ep5.el5
redhat/jbossas-web<0:5.2.0-8.ep5.el5
0:5.2.0-8.ep5.el5
redhat/jbossas-web-tp-licenses<0:5.2.0-7.ep5.el5
0:5.2.0-7.ep5.el5
redhat/jbossas-ws-cxf-ewp<0:5.2.0-7.ep5.el5
0:5.2.0-7.ep5.el5
redhat/jboss-bootstrap<0:1.0.2-1.ep5.el5
0:1.0.2-1.ep5.el5
redhat/jboss-cache-core<0:3.2.11-1.GA.ep5.el5
0:3.2.11-1.GA.ep5.el5
redhat/jboss-cache-pojo<0:3.0.1-1.1.ep5.el5
0:3.0.1-1.1.ep5.el5
redhat/jboss-cl<0:2.0.11-1.GA.ep5.el5
0:2.0.11-1.GA.ep5.el5
redhat/jboss-cluster-ha-server-api<0:1.2.1-2.ep5.el5
0:1.2.1-2.ep5.el5
redhat/jboss-common-beans<0:1.0.1-2.1.Final.ep5.el5
0:1.0.1-2.1.Final.ep5.el5
redhat/jboss-common-core<0:2.2.21-1.ep5.el5
0:2.2.21-1.ep5.el5
redhat/jboss-eap5-native<0:5.2.0-6.ep5.el5
0:5.2.0-6.ep5.el5
redhat/jboss-ejb3-cache<0:1.0.0-4.ep5.el5
0:1.0.0-4.ep5.el5
redhat/jboss-ejb3-core<0:1.3.9-0.4.ep5.el5
0:1.3.9-0.4.ep5.el5
redhat/jboss-ejb3-ext-api<0:1.0.0-4.1.ep5.el5
0:1.0.0-4.1.ep5.el5
redhat/jboss-ejb3-ext-api-impl<0:1.0.0-3.7.ep5.el5
0:1.0.0-3.7.ep5.el5
redhat/jboss-ejb3-interceptors<0:1.0.9-0.1.ep5.el5
0:1.0.9-0.1.ep5.el5
redhat/jboss-ejb3-metadata<0:1.0.0-3.ep5.el5
0:1.0.0-3.ep5.el5
redhat/jboss-ejb3-metrics-deployer<0:1.1.1-0.1.ep5.el5
0:1.1.1-0.1.ep5.el5
redhat/jboss-ejb3-security<0:1.0.2-0.5.ep5.el5
0:1.0.2-0.5.ep5.el5
redhat/jboss-ejb3-timeout<0:0.1.1-0.5.ep5.el5
0:0.1.1-0.5.ep5.el5
redhat/jboss-ejb3-transactions<0:1.0.2-1.4.ep5.el5
0:1.0.2-1.4.ep5.el5
redhat/jboss-javaee<0:5.0.2-2.ep5.el5
0:5.0.2-2.ep5.el5
redhat/jboss-jpa-deployers<0:1.0.0-6.1SP2.ep5.el5
0:1.0.0-6.1SP2.ep5.el5
redhat/jboss-logmanager<0:1.1.2-6.GA_patch_01.ep5.el5
0:1.1.2-6.GA_patch_01.ep5.el5
redhat/jboss-naming<0:5.0.3-5.1.CP02.ep5.el5
0:5.0.3-5.1.CP02.ep5.el5
redhat/jboss-reflect<0:2.0.4-2.1.ep5.el5
0:2.0.4-2.1.ep5.el5
redhat/jboss-remoting<0:2.5.4-10.SP4.1.ep5.el5
0:2.5.4-10.SP4.1.ep5.el5
redhat/jboss-seam2<0:2.2.6.EAP5-10.ep5.el5
0:2.2.6.EAP5-10.ep5.el5
redhat/jboss-security-negotiation<0:2.1.3-1.GA.ep5.el5
0:2.1.3-1.GA.ep5.el5
redhat/jboss-security-spi<1:2.0.5-4.SP3_1.ep5.el5
1:2.0.5-4.SP3_1.ep5.el5
redhat/jbosssx2<0:2.0.5-8.SP3_1.ep5.el5
0:2.0.5-8.SP3_1.ep5.el5
redhat/jbossts<1:4.6.1-12.CP13.8.ep5.el5
1:4.6.1-12.CP13.8.ep5.el5
redhat/jboss-vfs2<0:2.2.1-4.GA.ep5.el5
0:2.2.1-4.GA.ep5.el5
redhat/jbossweb<0:2.1.13-2_patch_01.ep5.el5
0:2.1.13-2_patch_01.ep5.el5
redhat/jbossws<0:3.1.2-13.SP15_patch_01.ep5.el5
0:3.1.2-13.SP15_patch_01.ep5.el5
redhat/jbossws-common<0:1.1.0-9.SP10.ep5.el5
0:1.1.0-9.SP10.ep5.el5
redhat/jbossws-framework<0:3.1.2-9.SP13.ep5.el5
0:3.1.2-9.SP13.ep5.el5
redhat/jbossws-spi<0:1.1.2-6.SP8.ep5.el5
0:1.1.2-6.SP8.ep5.el5
redhat/jgroups<1:2.6.22-1.ep5.el5
1:2.6.22-1.ep5.el5
redhat/jopr-embedded<0:1.3.4-19.SP6.9.ep5.el5
0:1.3.4-19.SP6.9.ep5.el5
redhat/jopr-hibernate-plugin<0:3.0.0-14.EmbJopr5.ep5.el5
0:3.0.0-14.EmbJopr5.ep5.el5
redhat/jopr-jboss-as<5-plugin-0:3.0.0-14.EmbJopr5.ep5.el5
5-plugin-0:3.0.0-14.EmbJopr5.ep5.el5
redhat/jopr-jboss-cache-v3-plugin<0:3.0.0-15.EmbJopr5.ep5.el5
0:3.0.0-15.EmbJopr5.ep5.el5
redhat/picketlink-federation<0:2.1.5-3.ep5.el5
0:2.1.5-3.ep5.el5
redhat/picketlink-quickstarts<0:2.1.5-1.ep5.el5
0:2.1.5-1.ep5.el5
redhat/resteasy<0:1.2.1-18.CP02_patch02.1.ep5.el5
0:1.2.1-18.CP02_patch02.1.ep5.el5
redhat/rh-ewp-docs<0:5.2.0-6.ep5.el5
0:5.2.0-6.ep5.el5
redhat/rhq<0:3.0.0-21.EmbJopr5.ep5.el5
0:3.0.0-21.EmbJopr5.ep5.el5
redhat/rhq-jmx-plugin<0:3.0.0-21.EmbJopr5.ep5.el5
0:3.0.0-21.EmbJopr5.ep5.el5
redhat/rhq-platform-plugin<0:3.0.0-14.EmbJopr5.ep5.el5
0:3.0.0-14.EmbJopr5.ep5.el5
redhat/spring2<0:2.5.6-9.SEC03.1.ep5.el5
0:2.5.6-9.SEC03.1.ep5.el5
redhat/wss4j<0:1.5.12-4.1_patch_02.ep5.el5
0:1.5.12-4.1_patch_02.ep5.el5
redhat/xerces-j2<0:2.9.1-10.patch02.ep5.el5
0:2.9.1-10.patch02.ep5.el5
redhat/xml-commons<0:1.3.04-8.2_patch_01.ep5.el5
0:1.3.04-8.2_patch_01.ep5.el5
redhat/xml-security<0:1.5.1-2.ep5.el5
0:1.5.1-2.ep5.el5
redhat/aopalliance<0:1.0-5.3.ep5.el6
0:1.0-5.3.ep5.el6
redhat/apache-cxf<0:2.2.12-6.1.patch_04.ep5.el6
0:2.2.12-6.1.patch_04.ep5.el6
redhat/bsh2<0:2.0-0.b4.15.patch01.ep5.el6
0:2.0-0.b4.15.patch01.ep5.el6
redhat/glassfish-jaxb<0:2.1.12-12_patch_03.ep5.el6
0:2.1.12-12_patch_03.ep5.el6
redhat/google-guice<0:2.0-3.ep5.el6
0:2.0-3.ep5.el6
redhat/hibernate3<1:3.3.2-1.9.GA_CP05.ep5.el6
1:3.3.2-1.9.GA_CP05.ep5.el6
redhat/hibernate3-annotations<0:3.4.0-3.6.GA_CP05.ep5.el6
0:3.4.0-3.6.GA_CP05.ep5.el6
redhat/hibernate3-entitymanager<0:3.4.0-4.5.GA_CP05.ep5.el6
0:3.4.0-4.5.GA_CP05.ep5.el6
redhat/hibernate3-search<0:3.1.1-2.5.GA_CP05.ep5.el6
0:3.1.1-2.5.GA_CP05.ep5.el6
redhat/hsqldb<2:1.8.0.10-11_patch_01.1.ep5.el6
2:1.8.0.10-11_patch_01.1.ep5.el6
redhat/jacorb-jboss<0:2.3.2-2.jboss_1.ep5.el6
0:2.3.2-2.jboss_1.ep5.el6
redhat/javassist<0:3.12.0-6.SP1.ep5.el6
0:3.12.0-6.SP1.ep5.el6
redhat/jboss-aop2<0:2.1.6-5.CP06.ep5.el6
0:2.1.6-5.CP06.ep5.el6
redhat/jbossas-web<0:5.2.0-16.ep5.el6
0:5.2.0-16.ep5.el6
redhat/jbossas-web-tp-licenses<0:5.2.0-8.ep5.el6
0:5.2.0-8.ep5.el6
redhat/jbossas-ws-cxf-ewp<0:5.2.0-11.ep5.el6
0:5.2.0-11.ep5.el6
redhat/jboss-bootstrap<0:1.0.2-1.ep5.el6
0:1.0.2-1.ep5.el6
redhat/jboss-cache-core<0:3.2.11-1.GA.ep5.el6
0:3.2.11-1.GA.ep5.el6
redhat/jboss-cache-pojo<0:3.0.1-1.ep5.el6
0:3.0.1-1.ep5.el6
redhat/jboss-cl<0:2.0.11-4.GA.ep5.el6
0:2.0.11-4.GA.ep5.el6
redhat/jboss-cluster-ha-server-api<0:1.2.1-2.ep5.el6
0:1.2.1-2.ep5.el6
redhat/jboss-common-beans<0:1.0.1-2.Final.ep5.el6
0:1.0.1-2.Final.ep5.el6
redhat/jboss-common-core<0:2.2.21-1.ep5.el6
0:2.2.21-1.ep5.el6
redhat/jboss-eap5-native<0:5.2.0-6.ep5.el6
0:5.2.0-6.ep5.el6
redhat/jboss-ejb3-cache<0:1.0.0-4.ep5.el6
0:1.0.0-4.ep5.el6
redhat/jboss-ejb3-core<0:1.3.9-0.4.ep5.el6
0:1.3.9-0.4.ep5.el6
redhat/jboss-ejb3-ext-api<0:1.0.0-4.1.ep5.el6
0:1.0.0-4.1.ep5.el6
redhat/jboss-ejb3-ext-api-impl<0:1.0.0-3.7.ep5.el6
0:1.0.0-3.7.ep5.el6
redhat/jboss-ejb3-interceptors<0:1.0.9-0.2.ep5.el6
0:1.0.9-0.2.ep5.el6
redhat/jboss-ejb3-metadata<0:1.0.0-3.ep5.el6
0:1.0.0-3.ep5.el6
redhat/jboss-ejb3-metrics-deployer<0:1.1.1-0.1.ep5.el6
0:1.1.1-0.1.ep5.el6
redhat/jboss-ejb3-security<0:1.0.2-0.5.ep5.el6
0:1.0.2-0.5.ep5.el6
redhat/jboss-ejb3-timeout<0:0.1.1-0.8.ep5.el6
0:0.1.1-0.8.ep5.el6
redhat/jboss-ejb3-transactions<0:1.0.2-1.6.ep5.el6
0:1.0.2-1.6.ep5.el6
redhat/jboss-javaee<0:5.0.2-2.ep5.el6
0:5.0.2-2.ep5.el6
redhat/jboss-jpa-deployers<0:1.0.0-6.SP2.ep5.el6
0:1.0.0-6.SP2.ep5.el6
redhat/jboss-logmanager<0:1.1.2-6.GA_patch_01.ep5.el6
0:1.1.2-6.GA_patch_01.ep5.el6
redhat/jboss-naming<0:5.0.3-5.CP02.ep5.el6
0:5.0.3-5.CP02.ep5.el6
redhat/jboss-reflect<0:2.0.4-2.ep5.el6
0:2.0.4-2.ep5.el6
redhat/jboss-remoting<0:2.5.4-10.SP4.1.ep5.el6
0:2.5.4-10.SP4.1.ep5.el6
redhat/jboss-seam2<0:2.2.6.EAP5-14.ep5.el6
0:2.2.6.EAP5-14.ep5.el6
redhat/jboss-security-negotiation<0:2.1.3-1.GA.ep5.el6
0:2.1.3-1.GA.ep5.el6
redhat/jboss-security-spi<1:2.0.5-4.SP3_1.ep5.el6
1:2.0.5-4.SP3_1.ep5.el6
redhat/jbosssx2<0:2.0.5-8.3.SP3_1.ep5.el6
0:2.0.5-8.3.SP3_1.ep5.el6
redhat/jbossts<1:4.6.1-12.CP13.7.ep5.el6
1:4.6.1-12.CP13.7.ep5.el6
redhat/jboss-vfs2<0:2.2.1-4.GA.ep5.el6
0:2.2.1-4.GA.ep5.el6
redhat/jbossweb<0:2.1.13-2_patch_01.ep5.el6
0:2.1.13-2_patch_01.ep5.el6
redhat/jbossws<0:3.1.2-13.SP15_patch_01.ep5.el6
0:3.1.2-13.SP15_patch_01.ep5.el6
redhat/jbossws-common<0:1.1.0-9.SP10.ep5.el6
0:1.1.0-9.SP10.ep5.el6
redhat/jbossws-framework<0:3.1.2-9.SP13.ep5.el6
0:3.1.2-9.SP13.ep5.el6
redhat/jbossws-spi<0:1.1.2-6.SP8.ep5.el6
0:1.1.2-6.SP8.ep5.el6
redhat/jgroups<1:2.6.22-1.ep5.el6
1:2.6.22-1.ep5.el6
redhat/jopr-embedded<0:1.3.4-19.SP6.9.ep5.el6
0:1.3.4-19.SP6.9.ep5.el6
redhat/jopr-hibernate-plugin<0:3.0.0-14.EmbJopr5.ep5.el6
0:3.0.0-14.EmbJopr5.ep5.el6
redhat/jopr-jboss-as<5-plugin-0:3.0.0-16.EmbJopr5.ep5.el6
5-plugin-0:3.0.0-16.EmbJopr5.ep5.el6
redhat/jopr-jboss-cache-v3-plugin<0:3.0.0-15.EmbJopr5.ep5.el6
0:3.0.0-15.EmbJopr5.ep5.el6
redhat/picketlink-federation<0:2.1.5-3.ep5.el6
0:2.1.5-3.ep5.el6
redhat/picketlink-quickstarts<0:2.1.5-1.ep5.el6
0:2.1.5-1.ep5.el6
redhat/resteasy<0:1.2.1-17.CP02_patch02.1.ep5.el6
0:1.2.1-17.CP02_patch02.1.ep5.el6
redhat/rh-ewp-docs<0:5.2.0-11.ep5.el6
0:5.2.0-11.ep5.el6
redhat/rhq<0:3.0.0-21.EmbJopr5.ep5.el6
0:3.0.0-21.EmbJopr5.ep5.el6
redhat/rhq-jmx-plugin<0:3.0.0-21.EmbJopr5.ep5.el6
0:3.0.0-21.EmbJopr5.ep5.el6
redhat/rhq-platform-plugin<0:3.0.0-14.EmbJopr5.ep5.el6
0:3.0.0-14.EmbJopr5.ep5.el6
redhat/spring2<0:2.5.6-9.SEC03.1.ep5.el6
0:2.5.6-9.SEC03.1.ep5.el6
redhat/wss4j<0:1.5.12-4_patch_02.ep5.el6
0:1.5.12-4_patch_02.ep5.el6
redhat/xerces-j2<0:2.9.1-10.patch02.ep5.el6
0:2.9.1-10.patch02.ep5.el6
redhat/xml-commons<0:1.3.04-8.2_patch_01.ep5.el6
0:1.3.04-8.2_patch_01.ep5.el6
redhat/xml-security<0:1.5.1-2.ep5.el6
0:1.5.1-2.ep5.el6
redhat/aopalliance<0:1.0-5.2.jdk6.ep5.el4
0:1.0-5.2.jdk6.ep5.el4
redhat/apache-cxf<0:2.2.12-6.1.patch_04.ep5.el4
0:2.2.12-6.1.patch_04.ep5.el4
redhat/bsh2<0:2.0-0.b4.15.1.patch01.ep5.el4
0:2.0-0.b4.15.1.patch01.ep5.el4
redhat/glassfish-jaxb<0:2.1.12-12_patch_03.ep5.el4
0:2.1.12-12_patch_03.ep5.el4
redhat/google-guice<0:2.0-3.ep5.el4
0:2.0-3.ep5.el4
redhat/hibernate3<1:3.3.2-1.6.GA_CP05.ep5.el4
1:3.3.2-1.6.GA_CP05.ep5.el4
redhat/hibernate3-annotations<0:3.4.0-3.4.GA_CP05.ep5.el4
0:3.4.0-3.4.GA_CP05.ep5.el4
redhat/hibernate3-entitymanager<0:3.4.0-4.4.GA_CP05.ep5.el4
0:3.4.0-4.4.GA_CP05.ep5.el4
redhat/hibernate3-search<0:3.1.1-2.3.GA_CP05.ep5.el4
0:3.1.1-2.3.GA_CP05.ep5.el4
redhat/hornetq<0:2.2.24-1.EAP.GA.ep5.el4
0:2.2.24-1.EAP.GA.ep5.el4
redhat/hornetq-native<0:2.2.20-1.EAP.GA.1.ep5.el4
0:2.2.20-1.EAP.GA.1.ep5.el4
redhat/jacorb-jboss<0:2.3.2-2.jboss_1.ep5.el4
0:2.3.2-2.jboss_1.ep5.el4
redhat/javassist<0:3.12.0-6.SP1.ep5.el4
0:3.12.0-6.SP1.ep5.el4
redhat/jboss-aop2<0:2.1.6-5.CP06.ep5.el4
0:2.1.6-5.CP06.ep5.el4
redhat/jbossas<0:5.2.0-14.ep5.el4
0:5.2.0-14.ep5.el4
redhat/jbossas-hornetq<0:5.2.0-6.ep5.el4
0:5.2.0-6.ep5.el4
redhat/jbossas-tp-licenses<0:5.2.0-7.ep5.el4
0:5.2.0-7.ep5.el4
redhat/jbossas-ws-cxf<0:5.2.0-8.ep5.el4
0:5.2.0-8.ep5.el4
redhat/jboss-bootstrap<0:1.0.2-1.ep5.el4
0:1.0.2-1.ep5.el4
redhat/jboss-cache-core<0:3.2.11-1.GA.ep5.el4
0:3.2.11-1.GA.ep5.el4
redhat/jboss-cache-pojo<0:3.0.1-1.1.ep5.el4
0:3.0.1-1.1.ep5.el4
redhat/jboss-cl<0:2.0.11-1.GA.ep5.el4
0:2.0.11-1.GA.ep5.el4
redhat/jboss-cluster-ha-server-api<0:1.2.1-2.ep5.el4
0:1.2.1-2.ep5.el4
redhat/jboss-common-beans<0:1.0.1-2.1.Final.ep5.el4
0:1.0.1-2.1.Final.ep5.el4
redhat/jboss-common-core<0:2.2.21-1.ep5.el4
0:2.2.21-1.ep5.el4
redhat/jboss-eap5-native<0:5.2.0-6.ep5.el4
0:5.2.0-6.ep5.el4
redhat/jboss-ejb3-cache<0:1.0.0-4.ep5.el4
0:1.0.0-4.ep5.el4
redhat/jboss-ejb3-core<0:1.3.9-0.4.ep5.el4
0:1.3.9-0.4.ep5.el4
redhat/jboss-ejb3-ext-api<0:1.0.0-4.1.ep5.el4
0:1.0.0-4.1.ep5.el4
redhat/jboss-ejb3-ext-api-impl<0:1.0.0-3.7.ep5.el4
0:1.0.0-3.7.ep5.el4
redhat/jboss-ejb3-interceptors<0:1.0.9-0.1.ep5.el4
0:1.0.9-0.1.ep5.el4
redhat/jboss-ejb3-metadata<0:1.0.0-3.ep5.el4
0:1.0.0-3.ep5.el4
redhat/jboss-ejb3-metrics-deployer<0:1.1.1-0.1.ep5.el4
0:1.1.1-0.1.ep5.el4
redhat/jboss-ejb3-security<0:1.0.2-0.5.ep5.el4
0:1.0.2-0.5.ep5.el4
redhat/jboss-ejb3-timeout<0:0.1.1-0.5.ep5.el4
0:0.1.1-0.5.ep5.el4
redhat/jboss-ejb3-transactions<0:1.0.2-1.4.ep5.el4
0:1.0.2-1.4.ep5.el4
redhat/jboss-javaee<0:5.0.2-2.ep5.el4
0:5.0.2-2.ep5.el4
redhat/jboss-jpa-deployers<0:1.0.0-6.SP2.ep5.el4
0:1.0.0-6.SP2.ep5.el4
redhat/jboss-logmanager<0:1.1.2-6.GA_patch_01.ep5.el4
0:1.1.2-6.GA_patch_01.ep5.el4
redhat/jboss-messaging<0:1.4.8-12.SP9.1.ep5.el4
0:1.4.8-12.SP9.1.ep5.el4
redhat/jboss-naming<0:5.0.3-5.CP02.ep5.el4
0:5.0.3-5.CP02.ep5.el4
redhat/jboss-reflect<0:2.0.4-2.1.ep5.el4
0:2.0.4-2.1.ep5.el4
redhat/jboss-remoting<0:2.5.4-10.SP4.1.ep5.el4
0:2.5.4-10.SP4.1.ep5.el4
redhat/jboss-seam2<0:2.2.6.EAP5-9.ep5.el4
0:2.2.6.EAP5-9.ep5.el4
redhat/jboss-security-negotiation<0:2.1.3-1.GA.ep5.el4
0:2.1.3-1.GA.ep5.el4
redhat/jboss-security-spi<1:2.0.5-4.SP3_1.ep5.el4
1:2.0.5-4.SP3_1.ep5.el4
redhat/jbosssx2<0:2.0.5-8.3.SP3_1.ep5.el4
0:2.0.5-8.3.SP3_1.ep5.el4
redhat/jbossts<1:4.6.1-12.CP13.8.ep5.el4
1:4.6.1-12.CP13.8.ep5.el4
redhat/jboss-vfs2<0:2.2.1-2.GA.ep5.el4
0:2.2.1-2.GA.ep5.el4
redhat/jbossweb<0:2.1.13-2_patch_01.ep5.el4
0:2.1.13-2_patch_01.ep5.el4
redhat/jbossws<0:3.1.2-13.SP15_patch_01.ep5.el4
0:3.1.2-13.SP15_patch_01.ep5.el4
redhat/jbossws-common<0:1.1.0-9.SP10.ep5.el4
0:1.1.0-9.SP10.ep5.el4
redhat/jbossws-framework<0:3.1.2-9.SP13.ep5.el4
0:3.1.2-9.SP13.ep5.el4
redhat/jbossws-spi<0:1.1.2-6.SP8.ep5.el4
0:1.1.2-6.SP8.ep5.el4
redhat/jgroups<1:2.6.22-1.ep5.el4
1:2.6.22-1.ep5.el4
redhat/jopr-embedded<0:1.3.4-19.SP6.9.ep5.el4
0:1.3.4-19.SP6.9.ep5.el4
redhat/jopr-hibernate-plugin<0:3.0.0-14.EmbJopr5.ep5.el4
0:3.0.0-14.EmbJopr5.ep5.el4
redhat/jopr-jboss-as<5-plugin-0:3.0.0-15.EmbJopr5.ep5.el4
5-plugin-0:3.0.0-15.EmbJopr5.ep5.el4
redhat/jopr-jboss-cache-v3-plugin<0:3.0.0-15.EmbJopr5.ep5.el4
0:3.0.0-15.EmbJopr5.ep5.el4
redhat/netty<0:3.2.5-6.ep5.el4
0:3.2.5-6.ep5.el4
redhat/picketlink-federation<0:2.1.5-3.ep5.el4
0:2.1.5-3.ep5.el4
redhat/picketlink-quickstarts<0:2.1.5-1.ep5.el4
0:2.1.5-1.ep5.el4
redhat/resteasy<0:1.2.1-18.CP02_patch02.1.ep5.el4
0:1.2.1-18.CP02_patch02.1.ep5.el4
redhat/rh-eap-docs<0:5.2.0-7.ep5.el4
0:5.2.0-7.ep5.el4
redhat/rhq<0:3.0.0-22.EmbJopr5.ep5.el4
0:3.0.0-22.EmbJopr5.ep5.el4
redhat/rhq-jmx-plugin<0:3.0.0-21.EmbJopr5.ep5.el4
0:3.0.0-21.EmbJopr5.ep5.el4
redhat/rhq-platform-plugin<0:3.0.0-15.EmbJopr5.ep5.el4
0:3.0.0-15.EmbJopr5.ep5.el4
redhat/spring2<0:2.5.6-9.SEC03.1.ep5.el4
0:2.5.6-9.SEC03.1.ep5.el4
redhat/wss4j<0:1.5.12-4.2_patch_02.ep5.el4
0:1.5.12-4.2_patch_02.ep5.el4
redhat/xerces-j2<0:2.9.1-10.patch02.ep5.el4
0:2.9.1-10.patch02.ep5.el4
redhat/xml-commons<1:1.3.04-8.2_patch_01.ep5.el4
1:1.3.04-8.2_patch_01.ep5.el4
redhat/xml-security<0:1.5.1-2.ep5.el4
0:1.5.1-2.ep5.el4
redhat/hornetq<0:2.2.24-1.EAP.GA.ep5.el5
0:2.2.24-1.EAP.GA.ep5.el5
redhat/hornetq-native<0:2.2.20-1.EAP.GA.1.ep5.el5
0:2.2.20-1.EAP.GA.1.ep5.el5
redhat/jbossas<0:5.2.0-14.ep5.el5
0:5.2.0-14.ep5.el5
redhat/jbossas-hornetq<0:5.2.0-5.ep5.el5
0:5.2.0-5.ep5.el5
redhat/jbossas-tp-licenses<0:5.2.0-7.ep5.el5
0:5.2.0-7.ep5.el5
redhat/jbossas-ws-cxf<0:5.2.0-7.ep5.el5
0:5.2.0-7.ep5.el5
redhat/jboss-messaging<0:1.4.8-12.SP9.1.ep5.el5
0:1.4.8-12.SP9.1.ep5.el5
redhat/netty<0:3.2.5-6.ep5.el5
0:3.2.5-6.ep5.el5
redhat/rh-eap-docs<0:5.2.0-6.ep5.el5
0:5.2.0-6.ep5.el5
redhat/hornetq<0:2.2.24-1.EAP.GA.ep5.el6
0:2.2.24-1.EAP.GA.ep5.el6
redhat/hornetq-native<0:2.2.20-1.EAP.GA.ep5.el6
0:2.2.20-1.EAP.GA.ep5.el6
redhat/jbossas<0:5.2.0-16.ep5.el6
0:5.2.0-16.ep5.el6
redhat/jbossas-hornetq<0:5.2.0-7.ep5.el6
0:5.2.0-7.ep5.el6
redhat/jbossas-tp-licenses<0:5.2.0-8.ep5.el6
0:5.2.0-8.ep5.el6
redhat/jbossas-ws-cxf<0:5.2.0-10.ep5.el6
0:5.2.0-10.ep5.el6
redhat/jboss-messaging<0:1.4.8-12.SP9.1.ep5.el6
0:1.4.8-12.SP9.1.ep5.el6
redhat/netty<0:3.2.5-6.ep5.el6
0:3.2.5-6.ep5.el6
redhat/rh-eap-docs<0:5.2.0-10.ep5.el6
0:5.2.0-10.ep5.el6
Red Hat JBoss Portal<=5.2.1
Red Hat JBoss Portal=5.0.0
Red Hat JBoss Portal=5.0.1
Red Hat JBoss Portal=5.1.0
Red Hat JBoss Portal=5.1.1
Red Hat JBoss Portal=5.2.0

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is the severity of CVE-2011-1096?

    CVE-2011-1096 has been categorized with a medium severity level, indicating potential security risks in environments that utilize vulnerable versions of the JBoss Web Services.

  • How do I fix CVE-2011-1096?

    To address CVE-2011-1096, upgrade the affected JBoss components to the recommended versions as specified in the security advisory.

  • What products are affected by CVE-2011-1096?

    CVE-2011-1096 impacts several Red Hat products, including various versions of JBoss Enterprise Portal Platform and JBoss Web Services.

  • Could CVE-2011-1096 lead to data breaches?

    Yes, CVE-2011-1096 could allow an attacker to exploit weaknesses in XML encryption, potentially leading to data exposure.

  • Is there a workaround for CVE-2011-1096?

    At this time, the optimal solution for CVE-2011-1096 is to apply patches or upgrade to safer versions of the software, as no effective workaround is available.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203