Moderate severity · NVD Advisory · Published Mar 11, 2020 · Updated Aug 6, 2024
CVE-2011-2487
Description
The implementations of the PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 are susceptible to a Bleichenbacher attack.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.apache.ws.security:wss4j (Maven) | < 1.6.5 | 1.6.5 |
| wss4j:wss4j (Maven) | < 1.6.5 | 1.6.5 |
Affected products
- ghsa-coords: 2 versions (< 1.6.5, + 1 more)
- (no CPE), range: < 1.6.5
- (no CPE), range: < 1.6.5
References
- github.com/advisories/GHSA-4qqf-hmv6-r6wh (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2011-2487 (ghsa, ADVISORY)
- cxf.apache.org/note-on-cve-2011-2487.html (ghsa, x_refsource_MISC, WEB)
- rhn.redhat.com/errata/RHSA-2013-0191.html (ghsa, x_refsource_MISC, WEB)
- rhn.redhat.com/errata/RHSA-2013-0192.html (ghsa, x_refsource_MISC, WEB)
- rhn.redhat.com/errata/RHSA-2013-0193.html (ghsa, x_refsource_MISC, WEB)
- rhn.redhat.com/errata/RHSA-2013-0194.html (ghsa, x_refsource_MISC, WEB)
- rhn.redhat.com/errata/RHSA-2013-0195.html (ghsa, x_refsource_MISC, WEB)
- rhn.redhat.com/errata/RHSA-2013-0196.html (ghsa, x_refsource_MISC, WEB)
- rhn.redhat.com/errata/RHSA-2013-0198.html (ghsa, x_refsource_MISC, WEB)
- rhn.redhat.com/errata/RHSA-2013-0221.html (ghsa, x_refsource_MISC, WEB)
- www.securityfocus.com/bid/57549 (mitre, x_refsource_MISC)
- access.redhat.com/errata/RHSA-2013:0191 (ghsa, WEB)
- access.redhat.com/errata/RHSA-2013:0192 (ghsa, WEB)
- access.redhat.com/errata/RHSA-2013:0193 (ghsa, WEB)
- access.redhat.com/errata/RHSA-2013:0194 (ghsa, WEB)
- access.redhat.com/errata/RHSA-2013:0195 (ghsa, WEB)
- access.redhat.com/errata/RHSA-2013:0196 (ghsa, WEB)
- access.redhat.com/errata/RHSA-2013:0197 (ghsa, WEB)
- access.redhat.com/errata/RHSA-2013:0198 (ghsa, WEB)
- access.redhat.com/errata/RHSA-2013:0221 (ghsa, WEB)
- access.redhat.com/errata/RHSA-2013:0533 (ghsa, WEB)
- access.redhat.com/errata/RHSA-2013:0953 (ghsa, WEB)
- access.redhat.com/security/cve/CVE-2011-2487 (ghsa, WEB)
- bugzilla.redhat.com/show_bug.cgi (ghsa, x_refsource_MISC, WEB)
- exchange.xforce.ibmcloud.com/vulnerabilities/81737 (ghsa, x_refsource_MISC, WEB)
- lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E (ghsa, mailing-list, x_refsource_MLIST, WEB)
- lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E (ghsa, WEB)
- lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E (ghsa, mailing-list, x_refsource_MLIST, WEB)
- lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E (ghsa, WEB)
- lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E (ghsa, mailing-list, x_refsource_MLIST, WEB)
- lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E (ghsa, WEB)
- lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E (ghsa, mailing-list, x_refsource_MLIST, WEB)
- lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E (ghsa, WEB)
- lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E (ghsa, mailing-list, x_refsource_MLIST, WEB)
- lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E (ghsa, WEB)
- web.archive.org/web/20210122063156/http://www.securityfocus.com/bid/57549 (ghsa, WEB)
- www.nds.ruhr-uni-bochum.de/research/publications/breaking-xml-encryption-pkcs15 (ghsa, WEB)
- www.nds.ruhr-uni-bochum.de/research/publications/breaking-xml-encryption-pkcs15/ (mitre, x_refsource_MISC)