CVE-2011-1096
First published: Thu Mar 03 2011(Updated: )
The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on SOAP responses, aka "character encoding pattern attack."
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Jboss Enterprise Portal Platform | =5.0.0 | |
| Redhat Jboss Enterprise Portal Platform | =5.1.1 | |
| Redhat Jboss Enterprise Portal Platform | =5.1.0 | |
| Redhat Jboss Enterprise Portal Platform | <=5.2.1 | |
| Redhat Jboss Enterprise Portal Platform | =5.2.0 | |
| Redhat Jboss Enterprise Portal Platform | =5.0.1 | |
| redhat/aopalliance | <0:1.0-5.2.jdk6.ep5.el5 | 0:1.0-5.2.jdk6.ep5.el5 |
| redhat/apache-cxf | <0:2.2.12-6.1.patch_04.ep5.el5 | 0:2.2.12-6.1.patch_04.ep5.el5 |
| redhat/bsh2 | <0:2.0-0.b4.15.1.patch01.ep5.el5 | 0:2.0-0.b4.15.1.patch01.ep5.el5 |
| redhat/glassfish-jaxb | <0:2.1.12-12_patch_03.ep5.el5 | 0:2.1.12-12_patch_03.ep5.el5 |
| redhat/google-guice | <0:2.0-3.ep5.el5 | 0:2.0-3.ep5.el5 |
| redhat/hibernate3 | <1:3.3.2-1.5.GA_CP05.ep5.el5 | 1:3.3.2-1.5.GA_CP05.ep5.el5 |
| redhat/hibernate3-annotations | <0:3.4.0-3.3.GA_CP05.ep5.el5 | 0:3.4.0-3.3.GA_CP05.ep5.el5 |
| redhat/hibernate3-entitymanager | <0:3.4.0-4.4.GA_CP05.ep5.el5 | 0:3.4.0-4.4.GA_CP05.ep5.el5 |
| redhat/hibernate3-search | <0:3.1.1-2.4.GA_CP05.ep5.el5 | 0:3.1.1-2.4.GA_CP05.ep5.el5 |
| redhat/jacorb-jboss | <0:2.3.2-2.jboss_1.ep5.el5 | 0:2.3.2-2.jboss_1.ep5.el5 |
| redhat/javassist | <0:3.12.0-6.SP1.ep5.el5 | 0:3.12.0-6.SP1.ep5.el5 |
| redhat/jboss-aop2 | <0:2.1.6-5.CP06.ep5.el5 | 0:2.1.6-5.CP06.ep5.el5 |
| redhat/jbossas-web | <0:5.2.0-8.ep5.el5 | 0:5.2.0-8.ep5.el5 |
| redhat/jbossas-web-tp-licenses | <0:5.2.0-7.ep5.el5 | 0:5.2.0-7.ep5.el5 |
| redhat/jbossas-ws-cxf-ewp | <0:5.2.0-7.ep5.el5 | 0:5.2.0-7.ep5.el5 |
| redhat/jboss-bootstrap | <0:1.0.2-1.ep5.el5 | 0:1.0.2-1.ep5.el5 |
| redhat/jboss-cache-core | <0:3.2.11-1.GA.ep5.el5 | 0:3.2.11-1.GA.ep5.el5 |
| redhat/jboss-cache-pojo | <0:3.0.1-1.1.ep5.el5 | 0:3.0.1-1.1.ep5.el5 |
| redhat/jboss-cl | <0:2.0.11-1.GA.ep5.el5 | 0:2.0.11-1.GA.ep5.el5 |
| redhat/jboss-cluster-ha-server-api | <0:1.2.1-2.ep5.el5 | 0:1.2.1-2.ep5.el5 |
| redhat/jboss-common-beans | <0:1.0.1-2.1.Final.ep5.el5 | 0:1.0.1-2.1.Final.ep5.el5 |
| redhat/jboss-common-core | <0:2.2.21-1.ep5.el5 | 0:2.2.21-1.ep5.el5 |
| redhat/jboss-eap5-native | <0:5.2.0-6.ep5.el5 | 0:5.2.0-6.ep5.el5 |
| redhat/jboss-ejb3-cache | <0:1.0.0-4.ep5.el5 | 0:1.0.0-4.ep5.el5 |
| redhat/jboss-ejb3-core | <0:1.3.9-0.4.ep5.el5 | 0:1.3.9-0.4.ep5.el5 |
| redhat/jboss-ejb3-ext-api | <0:1.0.0-4.1.ep5.el5 | 0:1.0.0-4.1.ep5.el5 |
| redhat/jboss-ejb3-ext-api-impl | <0:1.0.0-3.7.ep5.el5 | 0:1.0.0-3.7.ep5.el5 |
| redhat/jboss-ejb3-interceptors | <0:1.0.9-0.1.ep5.el5 | 0:1.0.9-0.1.ep5.el5 |
| redhat/jboss-ejb3-metadata | <0:1.0.0-3.ep5.el5 | 0:1.0.0-3.ep5.el5 |
| redhat/jboss-ejb3-metrics-deployer | <0:1.1.1-0.1.ep5.el5 | 0:1.1.1-0.1.ep5.el5 |
| redhat/jboss-ejb3-security | <0:1.0.2-0.5.ep5.el5 | 0:1.0.2-0.5.ep5.el5 |
| redhat/jboss-ejb3-timeout | <0:0.1.1-0.5.ep5.el5 | 0:0.1.1-0.5.ep5.el5 |
| redhat/jboss-ejb3-transactions | <0:1.0.2-1.4.ep5.el5 | 0:1.0.2-1.4.ep5.el5 |
| redhat/jboss-javaee | <0:5.0.2-2.ep5.el5 | 0:5.0.2-2.ep5.el5 |
| redhat/jboss-jpa-deployers | <0:1.0.0-6.1SP2.ep5.el5 | 0:1.0.0-6.1SP2.ep5.el5 |
| redhat/jboss-logmanager | <0:1.1.2-6.GA_patch_01.ep5.el5 | 0:1.1.2-6.GA_patch_01.ep5.el5 |
| redhat/jboss-naming | <0:5.0.3-5.1.CP02.ep5.el5 | 0:5.0.3-5.1.CP02.ep5.el5 |
| redhat/jboss-reflect | <0:2.0.4-2.1.ep5.el5 | 0:2.0.4-2.1.ep5.el5 |
| redhat/jboss-remoting | <0:2.5.4-10.SP4.1.ep5.el5 | 0:2.5.4-10.SP4.1.ep5.el5 |
| redhat/jboss-seam2 | <0:2.2.6.EAP5-10.ep5.el5 | 0:2.2.6.EAP5-10.ep5.el5 |
| redhat/jboss-security-negotiation | <0:2.1.3-1.GA.ep5.el5 | 0:2.1.3-1.GA.ep5.el5 |
| redhat/jboss-security-spi | <1:2.0.5-4.SP3_1.ep5.el5 | 1:2.0.5-4.SP3_1.ep5.el5 |
| redhat/jbosssx2 | <0:2.0.5-8.SP3_1.ep5.el5 | 0:2.0.5-8.SP3_1.ep5.el5 |
| redhat/jbossts | <1:4.6.1-12.CP13.8.ep5.el5 | 1:4.6.1-12.CP13.8.ep5.el5 |
| redhat/jboss-vfs2 | <0:2.2.1-4.GA.ep5.el5 | 0:2.2.1-4.GA.ep5.el5 |
| redhat/jbossweb | <0:2.1.13-2_patch_01.ep5.el5 | 0:2.1.13-2_patch_01.ep5.el5 |
| redhat/jbossws | <0:3.1.2-13.SP15_patch_01.ep5.el5 | 0:3.1.2-13.SP15_patch_01.ep5.el5 |
| redhat/jbossws-common | <0:1.1.0-9.SP10.ep5.el5 | 0:1.1.0-9.SP10.ep5.el5 |
| redhat/jbossws-framework | <0:3.1.2-9.SP13.ep5.el5 | 0:3.1.2-9.SP13.ep5.el5 |
| redhat/jbossws-spi | <0:1.1.2-6.SP8.ep5.el5 | 0:1.1.2-6.SP8.ep5.el5 |
| redhat/jgroups | <1:2.6.22-1.ep5.el5 | 1:2.6.22-1.ep5.el5 |
| redhat/jopr-embedded | <0:1.3.4-19.SP6.9.ep5.el5 | 0:1.3.4-19.SP6.9.ep5.el5 |
| redhat/jopr-hibernate-plugin | <0:3.0.0-14.EmbJopr5.ep5.el5 | 0:3.0.0-14.EmbJopr5.ep5.el5 |
| redhat/jopr-jboss-as | <5-plugin-0:3.0.0-14.EmbJopr5.ep5.el5 | 5-plugin-0:3.0.0-14.EmbJopr5.ep5.el5 |
| redhat/jopr-jboss-cache-v3-plugin | <0:3.0.0-15.EmbJopr5.ep5.el5 | 0:3.0.0-15.EmbJopr5.ep5.el5 |
| redhat/picketlink-federation | <0:2.1.5-3.ep5.el5 | 0:2.1.5-3.ep5.el5 |
| redhat/picketlink-quickstarts | <0:2.1.5-1.ep5.el5 | 0:2.1.5-1.ep5.el5 |
| redhat/resteasy | <0:1.2.1-18.CP02_patch02.1.ep5.el5 | 0:1.2.1-18.CP02_patch02.1.ep5.el5 |
| redhat/rh-ewp-docs | <0:5.2.0-6.ep5.el5 | 0:5.2.0-6.ep5.el5 |
| redhat/rhq | <0:3.0.0-21.EmbJopr5.ep5.el5 | 0:3.0.0-21.EmbJopr5.ep5.el5 |
| redhat/rhq-jmx-plugin | <0:3.0.0-21.EmbJopr5.ep5.el5 | 0:3.0.0-21.EmbJopr5.ep5.el5 |
| redhat/rhq-platform-plugin | <0:3.0.0-14.EmbJopr5.ep5.el5 | 0:3.0.0-14.EmbJopr5.ep5.el5 |
| redhat/spring2 | <0:2.5.6-9.SEC03.1.ep5.el5 | 0:2.5.6-9.SEC03.1.ep5.el5 |
| redhat/wss4j | <0:1.5.12-4.1_patch_02.ep5.el5 | 0:1.5.12-4.1_patch_02.ep5.el5 |
| redhat/xerces-j2 | <0:2.9.1-10.patch02.ep5.el5 | 0:2.9.1-10.patch02.ep5.el5 |
| redhat/xml-commons | <0:1.3.04-8.2_patch_01.ep5.el5 | 0:1.3.04-8.2_patch_01.ep5.el5 |
| redhat/xml-security | <0:1.5.1-2.ep5.el5 | 0:1.5.1-2.ep5.el5 |
| redhat/aopalliance | <0:1.0-5.3.ep5.el6 | 0:1.0-5.3.ep5.el6 |
| redhat/apache-cxf | <0:2.2.12-6.1.patch_04.ep5.el6 | 0:2.2.12-6.1.patch_04.ep5.el6 |
| redhat/bsh2 | <0:2.0-0.b4.15.patch01.ep5.el6 | 0:2.0-0.b4.15.patch01.ep5.el6 |
| redhat/glassfish-jaxb | <0:2.1.12-12_patch_03.ep5.el6 | 0:2.1.12-12_patch_03.ep5.el6 |
| redhat/google-guice | <0:2.0-3.ep5.el6 | 0:2.0-3.ep5.el6 |
| redhat/hibernate3 | <1:3.3.2-1.9.GA_CP05.ep5.el6 | 1:3.3.2-1.9.GA_CP05.ep5.el6 |
| redhat/hibernate3-annotations | <0:3.4.0-3.6.GA_CP05.ep5.el6 | 0:3.4.0-3.6.GA_CP05.ep5.el6 |
| redhat/hibernate3-entitymanager | <0:3.4.0-4.5.GA_CP05.ep5.el6 | 0:3.4.0-4.5.GA_CP05.ep5.el6 |
| redhat/hibernate3-search | <0:3.1.1-2.5.GA_CP05.ep5.el6 | 0:3.1.1-2.5.GA_CP05.ep5.el6 |
| redhat/hsqldb | <2:1.8.0.10-11_patch_01.1.ep5.el6 | 2:1.8.0.10-11_patch_01.1.ep5.el6 |
| redhat/jacorb-jboss | <0:2.3.2-2.jboss_1.ep5.el6 | 0:2.3.2-2.jboss_1.ep5.el6 |
| redhat/javassist | <0:3.12.0-6.SP1.ep5.el6 | 0:3.12.0-6.SP1.ep5.el6 |
| redhat/jboss-aop2 | <0:2.1.6-5.CP06.ep5.el6 | 0:2.1.6-5.CP06.ep5.el6 |
| redhat/jbossas-web | <0:5.2.0-16.ep5.el6 | 0:5.2.0-16.ep5.el6 |
| redhat/jbossas-web-tp-licenses | <0:5.2.0-8.ep5.el6 | 0:5.2.0-8.ep5.el6 |
| redhat/jbossas-ws-cxf-ewp | <0:5.2.0-11.ep5.el6 | 0:5.2.0-11.ep5.el6 |
| redhat/jboss-bootstrap | <0:1.0.2-1.ep5.el6 | 0:1.0.2-1.ep5.el6 |
| redhat/jboss-cache-core | <0:3.2.11-1.GA.ep5.el6 | 0:3.2.11-1.GA.ep5.el6 |
| redhat/jboss-cache-pojo | <0:3.0.1-1.ep5.el6 | 0:3.0.1-1.ep5.el6 |
| redhat/jboss-cl | <0:2.0.11-4.GA.ep5.el6 | 0:2.0.11-4.GA.ep5.el6 |
| redhat/jboss-cluster-ha-server-api | <0:1.2.1-2.ep5.el6 | 0:1.2.1-2.ep5.el6 |
| redhat/jboss-common-beans | <0:1.0.1-2.Final.ep5.el6 | 0:1.0.1-2.Final.ep5.el6 |
| redhat/jboss-common-core | <0:2.2.21-1.ep5.el6 | 0:2.2.21-1.ep5.el6 |
| redhat/jboss-eap5-native | <0:5.2.0-6.ep5.el6 | 0:5.2.0-6.ep5.el6 |
| redhat/jboss-ejb3-cache | <0:1.0.0-4.ep5.el6 | 0:1.0.0-4.ep5.el6 |
| redhat/jboss-ejb3-core | <0:1.3.9-0.4.ep5.el6 | 0:1.3.9-0.4.ep5.el6 |
| redhat/jboss-ejb3-ext-api | <0:1.0.0-4.1.ep5.el6 | 0:1.0.0-4.1.ep5.el6 |
| redhat/jboss-ejb3-ext-api-impl | <0:1.0.0-3.7.ep5.el6 | 0:1.0.0-3.7.ep5.el6 |
| redhat/jboss-ejb3-interceptors | <0:1.0.9-0.2.ep5.el6 | 0:1.0.9-0.2.ep5.el6 |
| redhat/jboss-ejb3-metadata | <0:1.0.0-3.ep5.el6 | 0:1.0.0-3.ep5.el6 |
| redhat/jboss-ejb3-metrics-deployer | <0:1.1.1-0.1.ep5.el6 | 0:1.1.1-0.1.ep5.el6 |
| redhat/jboss-ejb3-security | <0:1.0.2-0.5.ep5.el6 | 0:1.0.2-0.5.ep5.el6 |
| redhat/jboss-ejb3-timeout | <0:0.1.1-0.8.ep5.el6 | 0:0.1.1-0.8.ep5.el6 |
| redhat/jboss-ejb3-transactions | <0:1.0.2-1.6.ep5.el6 | 0:1.0.2-1.6.ep5.el6 |
| redhat/jboss-javaee | <0:5.0.2-2.ep5.el6 | 0:5.0.2-2.ep5.el6 |
| redhat/jboss-jpa-deployers | <0:1.0.0-6.SP2.ep5.el6 | 0:1.0.0-6.SP2.ep5.el6 |
| redhat/jboss-logmanager | <0:1.1.2-6.GA_patch_01.ep5.el6 | 0:1.1.2-6.GA_patch_01.ep5.el6 |
| redhat/jboss-naming | <0:5.0.3-5.CP02.ep5.el6 | 0:5.0.3-5.CP02.ep5.el6 |
| redhat/jboss-reflect | <0:2.0.4-2.ep5.el6 | 0:2.0.4-2.ep5.el6 |
| redhat/jboss-remoting | <0:2.5.4-10.SP4.1.ep5.el6 | 0:2.5.4-10.SP4.1.ep5.el6 |
| redhat/jboss-seam2 | <0:2.2.6.EAP5-14.ep5.el6 | 0:2.2.6.EAP5-14.ep5.el6 |
| redhat/jboss-security-negotiation | <0:2.1.3-1.GA.ep5.el6 | 0:2.1.3-1.GA.ep5.el6 |
| redhat/jboss-security-spi | <1:2.0.5-4.SP3_1.ep5.el6 | 1:2.0.5-4.SP3_1.ep5.el6 |
| redhat/jbosssx2 | <0:2.0.5-8.3.SP3_1.ep5.el6 | 0:2.0.5-8.3.SP3_1.ep5.el6 |
| redhat/jbossts | <1:4.6.1-12.CP13.7.ep5.el6 | 1:4.6.1-12.CP13.7.ep5.el6 |
| redhat/jboss-vfs2 | <0:2.2.1-4.GA.ep5.el6 | 0:2.2.1-4.GA.ep5.el6 |
| redhat/jbossweb | <0:2.1.13-2_patch_01.ep5.el6 | 0:2.1.13-2_patch_01.ep5.el6 |
| redhat/jbossws | <0:3.1.2-13.SP15_patch_01.ep5.el6 | 0:3.1.2-13.SP15_patch_01.ep5.el6 |
| redhat/jbossws-common | <0:1.1.0-9.SP10.ep5.el6 | 0:1.1.0-9.SP10.ep5.el6 |
| redhat/jbossws-framework | <0:3.1.2-9.SP13.ep5.el6 | 0:3.1.2-9.SP13.ep5.el6 |
| redhat/jbossws-spi | <0:1.1.2-6.SP8.ep5.el6 | 0:1.1.2-6.SP8.ep5.el6 |
| redhat/jgroups | <1:2.6.22-1.ep5.el6 | 1:2.6.22-1.ep5.el6 |
| redhat/jopr-embedded | <0:1.3.4-19.SP6.9.ep5.el6 | 0:1.3.4-19.SP6.9.ep5.el6 |
| redhat/jopr-hibernate-plugin | <0:3.0.0-14.EmbJopr5.ep5.el6 | 0:3.0.0-14.EmbJopr5.ep5.el6 |
| redhat/jopr-jboss-as | <5-plugin-0:3.0.0-16.EmbJopr5.ep5.el6 | 5-plugin-0:3.0.0-16.EmbJopr5.ep5.el6 |
| redhat/jopr-jboss-cache-v3-plugin | <0:3.0.0-15.EmbJopr5.ep5.el6 | 0:3.0.0-15.EmbJopr5.ep5.el6 |
| redhat/picketlink-federation | <0:2.1.5-3.ep5.el6 | 0:2.1.5-3.ep5.el6 |
| redhat/picketlink-quickstarts | <0:2.1.5-1.ep5.el6 | 0:2.1.5-1.ep5.el6 |
| redhat/resteasy | <0:1.2.1-17.CP02_patch02.1.ep5.el6 | 0:1.2.1-17.CP02_patch02.1.ep5.el6 |
| redhat/rh-ewp-docs | <0:5.2.0-11.ep5.el6 | 0:5.2.0-11.ep5.el6 |
| redhat/rhq | <0:3.0.0-21.EmbJopr5.ep5.el6 | 0:3.0.0-21.EmbJopr5.ep5.el6 |
| redhat/rhq-jmx-plugin | <0:3.0.0-21.EmbJopr5.ep5.el6 | 0:3.0.0-21.EmbJopr5.ep5.el6 |
| redhat/rhq-platform-plugin | <0:3.0.0-14.EmbJopr5.ep5.el6 | 0:3.0.0-14.EmbJopr5.ep5.el6 |
| redhat/spring2 | <0:2.5.6-9.SEC03.1.ep5.el6 | 0:2.5.6-9.SEC03.1.ep5.el6 |
| redhat/wss4j | <0:1.5.12-4_patch_02.ep5.el6 | 0:1.5.12-4_patch_02.ep5.el6 |
| redhat/xerces-j2 | <0:2.9.1-10.patch02.ep5.el6 | 0:2.9.1-10.patch02.ep5.el6 |
| redhat/xml-commons | <0:1.3.04-8.2_patch_01.ep5.el6 | 0:1.3.04-8.2_patch_01.ep5.el6 |
| redhat/xml-security | <0:1.5.1-2.ep5.el6 | 0:1.5.1-2.ep5.el6 |
| redhat/aopalliance | <0:1.0-5.2.jdk6.ep5.el4 | 0:1.0-5.2.jdk6.ep5.el4 |
| redhat/apache-cxf | <0:2.2.12-6.1.patch_04.ep5.el4 | 0:2.2.12-6.1.patch_04.ep5.el4 |
| redhat/bsh2 | <0:2.0-0.b4.15.1.patch01.ep5.el4 | 0:2.0-0.b4.15.1.patch01.ep5.el4 |
| redhat/glassfish-jaxb | <0:2.1.12-12_patch_03.ep5.el4 | 0:2.1.12-12_patch_03.ep5.el4 |
| redhat/google-guice | <0:2.0-3.ep5.el4 | 0:2.0-3.ep5.el4 |
| redhat/hibernate3 | <1:3.3.2-1.6.GA_CP05.ep5.el4 | 1:3.3.2-1.6.GA_CP05.ep5.el4 |
| redhat/hibernate3-annotations | <0:3.4.0-3.4.GA_CP05.ep5.el4 | 0:3.4.0-3.4.GA_CP05.ep5.el4 |
| redhat/hibernate3-entitymanager | <0:3.4.0-4.4.GA_CP05.ep5.el4 | 0:3.4.0-4.4.GA_CP05.ep5.el4 |
| redhat/hibernate3-search | <0:3.1.1-2.3.GA_CP05.ep5.el4 | 0:3.1.1-2.3.GA_CP05.ep5.el4 |
| redhat/hornetq | <0:2.2.24-1.EAP.GA.ep5.el4 | 0:2.2.24-1.EAP.GA.ep5.el4 |
| redhat/hornetq-native | <0:2.2.20-1.EAP.GA.1.ep5.el4 | 0:2.2.20-1.EAP.GA.1.ep5.el4 |
| redhat/jacorb-jboss | <0:2.3.2-2.jboss_1.ep5.el4 | 0:2.3.2-2.jboss_1.ep5.el4 |
| redhat/javassist | <0:3.12.0-6.SP1.ep5.el4 | 0:3.12.0-6.SP1.ep5.el4 |
| redhat/jboss-aop2 | <0:2.1.6-5.CP06.ep5.el4 | 0:2.1.6-5.CP06.ep5.el4 |
| redhat/jbossas | <0:5.2.0-14.ep5.el4 | 0:5.2.0-14.ep5.el4 |
| redhat/jbossas-hornetq | <0:5.2.0-6.ep5.el4 | 0:5.2.0-6.ep5.el4 |
| redhat/jbossas-tp-licenses | <0:5.2.0-7.ep5.el4 | 0:5.2.0-7.ep5.el4 |
| redhat/jbossas-ws-cxf | <0:5.2.0-8.ep5.el4 | 0:5.2.0-8.ep5.el4 |
| redhat/jboss-bootstrap | <0:1.0.2-1.ep5.el4 | 0:1.0.2-1.ep5.el4 |
| redhat/jboss-cache-core | <0:3.2.11-1.GA.ep5.el4 | 0:3.2.11-1.GA.ep5.el4 |
| redhat/jboss-cache-pojo | <0:3.0.1-1.1.ep5.el4 | 0:3.0.1-1.1.ep5.el4 |
| redhat/jboss-cl | <0:2.0.11-1.GA.ep5.el4 | 0:2.0.11-1.GA.ep5.el4 |
| redhat/jboss-cluster-ha-server-api | <0:1.2.1-2.ep5.el4 | 0:1.2.1-2.ep5.el4 |
| redhat/jboss-common-beans | <0:1.0.1-2.1.Final.ep5.el4 | 0:1.0.1-2.1.Final.ep5.el4 |
| redhat/jboss-common-core | <0:2.2.21-1.ep5.el4 | 0:2.2.21-1.ep5.el4 |
| redhat/jboss-eap5-native | <0:5.2.0-6.ep5.el4 | 0:5.2.0-6.ep5.el4 |
| redhat/jboss-ejb3-cache | <0:1.0.0-4.ep5.el4 | 0:1.0.0-4.ep5.el4 |
| redhat/jboss-ejb3-core | <0:1.3.9-0.4.ep5.el4 | 0:1.3.9-0.4.ep5.el4 |
| redhat/jboss-ejb3-ext-api | <0:1.0.0-4.1.ep5.el4 | 0:1.0.0-4.1.ep5.el4 |
| redhat/jboss-ejb3-ext-api-impl | <0:1.0.0-3.7.ep5.el4 | 0:1.0.0-3.7.ep5.el4 |
| redhat/jboss-ejb3-interceptors | <0:1.0.9-0.1.ep5.el4 | 0:1.0.9-0.1.ep5.el4 |
| redhat/jboss-ejb3-metadata | <0:1.0.0-3.ep5.el4 | 0:1.0.0-3.ep5.el4 |
| redhat/jboss-ejb3-metrics-deployer | <0:1.1.1-0.1.ep5.el4 | 0:1.1.1-0.1.ep5.el4 |
| redhat/jboss-ejb3-security | <0:1.0.2-0.5.ep5.el4 | 0:1.0.2-0.5.ep5.el4 |
| redhat/jboss-ejb3-timeout | <0:0.1.1-0.5.ep5.el4 | 0:0.1.1-0.5.ep5.el4 |
| redhat/jboss-ejb3-transactions | <0:1.0.2-1.4.ep5.el4 | 0:1.0.2-1.4.ep5.el4 |
| redhat/jboss-javaee | <0:5.0.2-2.ep5.el4 | 0:5.0.2-2.ep5.el4 |
| redhat/jboss-jpa-deployers | <0:1.0.0-6.SP2.ep5.el4 | 0:1.0.0-6.SP2.ep5.el4 |
| redhat/jboss-logmanager | <0:1.1.2-6.GA_patch_01.ep5.el4 | 0:1.1.2-6.GA_patch_01.ep5.el4 |
| redhat/jboss-messaging | <0:1.4.8-12.SP9.1.ep5.el4 | 0:1.4.8-12.SP9.1.ep5.el4 |
| redhat/jboss-naming | <0:5.0.3-5.CP02.ep5.el4 | 0:5.0.3-5.CP02.ep5.el4 |
| redhat/jboss-reflect | <0:2.0.4-2.1.ep5.el4 | 0:2.0.4-2.1.ep5.el4 |
| redhat/jboss-remoting | <0:2.5.4-10.SP4.1.ep5.el4 | 0:2.5.4-10.SP4.1.ep5.el4 |
| redhat/jboss-seam2 | <0:2.2.6.EAP5-9.ep5.el4 | 0:2.2.6.EAP5-9.ep5.el4 |
| redhat/jboss-security-negotiation | <0:2.1.3-1.GA.ep5.el4 | 0:2.1.3-1.GA.ep5.el4 |
| redhat/jboss-security-spi | <1:2.0.5-4.SP3_1.ep5.el4 | 1:2.0.5-4.SP3_1.ep5.el4 |
| redhat/jbosssx2 | <0:2.0.5-8.3.SP3_1.ep5.el4 | 0:2.0.5-8.3.SP3_1.ep5.el4 |
| redhat/jbossts | <1:4.6.1-12.CP13.8.ep5.el4 | 1:4.6.1-12.CP13.8.ep5.el4 |
| redhat/jboss-vfs2 | <0:2.2.1-2.GA.ep5.el4 | 0:2.2.1-2.GA.ep5.el4 |
| redhat/jbossweb | <0:2.1.13-2_patch_01.ep5.el4 | 0:2.1.13-2_patch_01.ep5.el4 |
| redhat/jbossws | <0:3.1.2-13.SP15_patch_01.ep5.el4 | 0:3.1.2-13.SP15_patch_01.ep5.el4 |
| redhat/jbossws-common | <0:1.1.0-9.SP10.ep5.el4 | 0:1.1.0-9.SP10.ep5.el4 |
| redhat/jbossws-framework | <0:3.1.2-9.SP13.ep5.el4 | 0:3.1.2-9.SP13.ep5.el4 |
| redhat/jbossws-spi | <0:1.1.2-6.SP8.ep5.el4 | 0:1.1.2-6.SP8.ep5.el4 |
| redhat/jgroups | <1:2.6.22-1.ep5.el4 | 1:2.6.22-1.ep5.el4 |
| redhat/jopr-embedded | <0:1.3.4-19.SP6.9.ep5.el4 | 0:1.3.4-19.SP6.9.ep5.el4 |
| redhat/jopr-hibernate-plugin | <0:3.0.0-14.EmbJopr5.ep5.el4 | 0:3.0.0-14.EmbJopr5.ep5.el4 |
| redhat/jopr-jboss-as | <5-plugin-0:3.0.0-15.EmbJopr5.ep5.el4 | 5-plugin-0:3.0.0-15.EmbJopr5.ep5.el4 |
| redhat/jopr-jboss-cache-v3-plugin | <0:3.0.0-15.EmbJopr5.ep5.el4 | 0:3.0.0-15.EmbJopr5.ep5.el4 |
| redhat/netty | <0:3.2.5-6.ep5.el4 | 0:3.2.5-6.ep5.el4 |
| redhat/picketlink-federation | <0:2.1.5-3.ep5.el4 | 0:2.1.5-3.ep5.el4 |
| redhat/picketlink-quickstarts | <0:2.1.5-1.ep5.el4 | 0:2.1.5-1.ep5.el4 |
| redhat/resteasy | <0:1.2.1-18.CP02_patch02.1.ep5.el4 | 0:1.2.1-18.CP02_patch02.1.ep5.el4 |
| redhat/rh-eap-docs | <0:5.2.0-7.ep5.el4 | 0:5.2.0-7.ep5.el4 |
| redhat/rhq | <0:3.0.0-22.EmbJopr5.ep5.el4 | 0:3.0.0-22.EmbJopr5.ep5.el4 |
| redhat/rhq-jmx-plugin | <0:3.0.0-21.EmbJopr5.ep5.el4 | 0:3.0.0-21.EmbJopr5.ep5.el4 |
| redhat/rhq-platform-plugin | <0:3.0.0-15.EmbJopr5.ep5.el4 | 0:3.0.0-15.EmbJopr5.ep5.el4 |
| redhat/spring2 | <0:2.5.6-9.SEC03.1.ep5.el4 | 0:2.5.6-9.SEC03.1.ep5.el4 |
| redhat/wss4j | <0:1.5.12-4.2_patch_02.ep5.el4 | 0:1.5.12-4.2_patch_02.ep5.el4 |
| redhat/xerces-j2 | <0:2.9.1-10.patch02.ep5.el4 | 0:2.9.1-10.patch02.ep5.el4 |
| redhat/xml-commons | <1:1.3.04-8.2_patch_01.ep5.el4 | 1:1.3.04-8.2_patch_01.ep5.el4 |
| redhat/xml-security | <0:1.5.1-2.ep5.el4 | 0:1.5.1-2.ep5.el4 |
| redhat/hornetq | <0:2.2.24-1.EAP.GA.ep5.el5 | 0:2.2.24-1.EAP.GA.ep5.el5 |
| redhat/hornetq-native | <0:2.2.20-1.EAP.GA.1.ep5.el5 | 0:2.2.20-1.EAP.GA.1.ep5.el5 |
| redhat/jbossas | <0:5.2.0-14.ep5.el5 | 0:5.2.0-14.ep5.el5 |
| redhat/jbossas-hornetq | <0:5.2.0-5.ep5.el5 | 0:5.2.0-5.ep5.el5 |
| redhat/jbossas-tp-licenses | <0:5.2.0-7.ep5.el5 | 0:5.2.0-7.ep5.el5 |
| redhat/jbossas-ws-cxf | <0:5.2.0-7.ep5.el5 | 0:5.2.0-7.ep5.el5 |
| redhat/jboss-messaging | <0:1.4.8-12.SP9.1.ep5.el5 | 0:1.4.8-12.SP9.1.ep5.el5 |
| redhat/netty | <0:3.2.5-6.ep5.el5 | 0:3.2.5-6.ep5.el5 |
| redhat/rh-eap-docs | <0:5.2.0-6.ep5.el5 | 0:5.2.0-6.ep5.el5 |
| redhat/hornetq | <0:2.2.24-1.EAP.GA.ep5.el6 | 0:2.2.24-1.EAP.GA.ep5.el6 |
| redhat/hornetq-native | <0:2.2.20-1.EAP.GA.ep5.el6 | 0:2.2.20-1.EAP.GA.ep5.el6 |
| redhat/jbossas | <0:5.2.0-16.ep5.el6 | 0:5.2.0-16.ep5.el6 |
| redhat/jbossas-hornetq | <0:5.2.0-7.ep5.el6 | 0:5.2.0-7.ep5.el6 |
| redhat/jbossas-tp-licenses | <0:5.2.0-8.ep5.el6 | 0:5.2.0-8.ep5.el6 |
| redhat/jbossas-ws-cxf | <0:5.2.0-10.ep5.el6 | 0:5.2.0-10.ep5.el6 |
| redhat/jboss-messaging | <0:1.4.8-12.SP9.1.ep5.el6 | 0:1.4.8-12.SP9.1.ep5.el6 |
| redhat/netty | <0:3.2.5-6.ep5.el6 | 0:3.2.5-6.ep5.el6 |
| redhat/rh-eap-docs | <0:5.2.0-10.ep5.el6 | 0:5.2.0-10.ep5.el6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://coheigea.blogspot.com/2012/04/note-on-cve-2011-1096.html
- http://rhn.redhat.com/errata/RHSA-2012-1301.html
- http://www.csoonline.com/article/692366/widely-used-encryption-standard-is-insecure-say-experts
- https://bugzilla.redhat.com/show_bug.cgi?id=681916
- http://cxf.apache.org/note-on-cve-2011-1096.html
- http://rhn.redhat.com/errata/RHSA-2012-1344.html
- http://dl.acm.org/citation.cfm?id=2046756&dl=ACM&coll=DL
- http://www.securityfocus.com/bid/55770
- http://aktuell.ruhr-uni-bochum.de/pm2011/pm00330.html.de
- http://rhn.redhat.com/errata/RHSA-2012-1330.html
- http://rhn.redhat.com/errata/RHSA-2013-0194.html
- http://secunia.com/advisories/51984
- http://rhn.redhat.com/errata/RHSA-2013-0195.html
- http://secunia.com/advisories/52054
- http://rhn.redhat.com/errata/RHSA-2013-0198.html
- http://rhn.redhat.com/errata/RHSA-2013-0197.html
- http://rhn.redhat.com/errata/RHSA-2013-0191.html
- http://rhn.redhat.com/errata/RHSA-2013-0196.html
- http://rhn.redhat.com/errata/RHSA-2013-0221.html
- http://rhn.redhat.com/errata/RHSA-2013-0193.html
- http://rhn.redhat.com/errata/RHSA-2013-0192.html
- http://rhn.redhat.com/errata/RHSA-2013-0261.html
- http://rhn.redhat.com/errata/RHSA-2013-1437.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79031
- https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
- https://lists.apache.org/thread.html/rc774278135816e7afc943dc9fc78eb0764f2c84a2b96470a0187315c%40%3Ccommits.cxf.apache.org%3E
- https://lists.apache.org/thread.html/8d5d29747548a24cccdb7f3e2d4d599ffb7ffe4537426b3c9a852cf4%40%3Ccommits.cxf.apache.org%3E
- https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
- https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
- https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
- https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
- https://www.cve.org/CVERecord?id=CVE-2011-1096 https://nvd.nist.gov/vuln/detail/CVE-2011-1096
- https://access.redhat.com/errata/RHSA-2013:0196
- https://access.redhat.com/errata/RHSA-2013:0195
- https://access.redhat.com/errata/RHSA-2013:0221
- https://access.redhat.com/errata/RHSA-2013:0261
- https://access.redhat.com/errata/RHSA-2013:0194
- https://access.redhat.com/errata/RHSA-2013:0193
- https://access.redhat.com/errata/RHSA-2013:0192
- https://access.redhat.com/errata/RHSA-2013:0191
- https://access.redhat.com/errata/RHSA-2013:0569
- https://access.redhat.com/errata/RHSA-2012:1344
- https://access.redhat.com/errata/RHSA-2012:1330
- https://access.redhat.com/errata/RHSA-2013:0198
- https://access.redhat.com/security/cve/CVE-2011-1096
- http://www.sigsac.org/ccs/CCS2011/paper_list.shtml
- http://dl.acm.org/citation.cfm?id=2046756&dl=ACM&coll=DL&CFID=61633880&CFTOKEN=38378828
- http://www-01.ibm.com/support/docview.wss?uid=swg1IC76651
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=745407
- http://cxf.apache.org/custom/security-policy
- https://rhn.redhat.com/errata/RHSA-2012-1330.html
- https://rhn.redhat.com/errata/RHSA-2012-1344.html
- https://rhn.redhat.com/errata/RHSA-2013-0194.html
- https://rhn.redhat.com/errata/RHSA-2013-0192.html
- https://rhn.redhat.com/errata/RHSA-2013-0191.html
- https://rhn.redhat.com/errata/RHSA-2013-0195.html
- https://rhn.redhat.com/errata/RHSA-2013-0193.html
- https://rhn.redhat.com/errata/RHSA-2013-0197.html
- https://rhn.redhat.com/errata/RHSA-2013-0196.html
- https://rhn.redhat.com/errata/RHSA-2013-0198.html
- https://rhn.redhat.com/errata/RHSA-2013-0221.html
- https://rhn.redhat.com/errata/RHSA-2013-0261.html
- https://rhn.redhat.com/errata/RHSA-2013-0569.html
Parent vulnerabilities
(Appears in the following advisories)
- collector/nvd-historical
- collector/redhat-cve
- collector/nvd-index
- agent/type
- agent/event
- agent/author
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-1096
- vendor/redhat
- canonical/redhat jboss enterprise portal platform
- version/redhat jboss enterprise portal platform/5.0.0
- version/redhat jboss enterprise portal platform/5.1.1
- version/redhat jboss enterprise portal platform/5.1.0
- version/redhat jboss enterprise portal platform/5.2.1
- version/redhat jboss enterprise portal platform/5.2.0
- version/redhat jboss enterprise portal platform/5.0.1
- package-manager/redhat