← back
CVE-2011-2487

CVE-2011-2487

EPSS 1.8%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 1.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
11 Mar 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.
Affected products
Apache · WSS4JRed Hat · JBossWS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://cxf.apache.org/note-on-cve-2011-2487.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0191.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0192.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0193.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0194.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0195.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0196.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0198.htmlhttp://rhn.redhat.com/errata/RHSA-2013-0221.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=713539https://exchange.xforce.ibmcloud.com/vulnerabilities/81737https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E