Description
The implementations of the PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 are susceptible to a Bleichenbacher attack.
References
- Vendor Advisory
- Patch, Vendor Advisory
- Patch, Vendor Advisory
- Broken Link, Patch, Vendor Advisory
- Patch, Vendor Advisory
- Patch, Vendor Advisory
- Patch, Vendor Advisory
- Patch, Vendor Advisory
- Patch, Vendor Advisory
- Third Party Advisory, VDB Entry
- Issue Tracking, Patch, Vendor Advisory
- VDB Entry, Vendor Advisory
- Technical Description, Third Party Advisory
- Vendor Advisory
- Patch, Vendor Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:* [version from 2.4.0 (inclusive) to 2.4.6 (inclusive)]
cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:* [version from 2.5.0 (inclusive) to 2.5.2 (inclusive)]
cpe:2.3:a:apache:wss4j:*:*:*:*:*:*:*:* [version before 1.6.5 (exclusive)]
Configuration 2
One of
cpe:2.3:a:redhat:jboss_business_rules_management_system:5.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform_text-only_advisories:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_middleware_text-only_advisories:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_portal:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_web_services:-:*:*:*:*:*:*:*
EPSS: 0.0049 (Low), percentile: 65%
CVSS3: 5.9 Medium
CVSS2: 4.3 Medium
Weaknesses
CWE-327
Related vulnerabilities
redhat
more than 13 years ago
The implementations of the PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 are susceptible to a Bleichenbacher attack.
CVSS3: 5.9
github
almost 4 years ago
Use of a Broken or Risky Cryptographic Algorithm in Apache WSS4J