VDB
RHSA-2012%3A1344
RHSA-2012%3A1344
PUBLISHED
CVSS 7.800000190734863 HIGH
The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on SOAP responses, aka "character encoding pattern attack."
Risk Scores
CVSS 2.0
7.800000190734863
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat JBoss Portal 5.2 |
Timeline
- Oct 8, 2012 CVE Published
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Security Advisory
- Apr 29, 2026 Security Advisory
- May 14, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2012:1344 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jbportal&downloadType=securityPatches&version=5.2.2 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=681916 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_1344.json advisory
- https://access.redhat.com/security/cve/CVE-2011-1096 advisory
- https://www.cve.org/CVERecord?id=CVE-2011-1096 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2011-1096 advisory