CVE编号
CVE-2011-2487利用情况
暂无补丁情况
N/A披露时间
2020-03-12漏洞描述
The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接 |
|
|---|---|
| http://cxf.apache.org/note-on-cve-2011-2487.html | |
| http://rhn.redhat.com/errata/RHSA-2013-0191.html | |
| http://rhn.redhat.com/errata/RHSA-2013-0192.html | |
| http://rhn.redhat.com/errata/RHSA-2013-0193.html | |
| http://rhn.redhat.com/errata/RHSA-2013-0194.html | |
| http://rhn.redhat.com/errata/RHSA-2013-0195.html | |
| http://rhn.redhat.com/errata/RHSA-2013-0196.html | |
| http://rhn.redhat.com/errata/RHSA-2013-0198.html | |
| http://rhn.redhat.com/errata/RHSA-2013-0221.html | |
| http://www.securityfocus.com/bid/57549 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=713539 | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/81737 | |
| https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637d... | |
| https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d... | |
| https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9... | |
| https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1a... | |
| https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e57... | |
| https://www.nds.ruhr-uni-bochum.de/research/publications/breaking-xml-encrypt... |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | apache | cxf | * |
From (including) 2.4.0 |
Up to (including) 2.4.6 |
||||
| 运行在以下环境 | |||||||||
| 应用 | apache | cxf | * |
From (including) 2.5.0 |
Up to (including) 2.5.2 |
||||
| 运行在以下环境 | |||||||||
| 应用 | apache | wss4j | * |
Up to (excluding) 1.6.5 |
|||||
| 运行在以下环境 | |||||||||
| 应用 | redhat | jboss_business_rules_management_system | 5.3 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | redhat | jboss_enterprise_application_platform | 5.0.0 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | redhat | jboss_enterprise_application_platform_text-only_advisories | - | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | redhat | jboss_enterprise_soa_platform | 4.2.0 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | redhat | jboss_enterprise_soa_platform | 4.3.0 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | redhat | jboss_enterprise_web_platform | 5.0.0 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | redhat | jboss_middleware_text-only_advisories | - | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | redhat | jboss_portal | 4.0.0 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | redhat | jboss_web_services | - | - | |||||
- 攻击路径 网络
- 攻击复杂度 高
- 权限要求 无
- 影响范围 未更改
- 用户交互 无
- 可用性 无
- 保密性 高
- 完整性 无
还没有评论,来说两句吧...