VDB
RHSA-2013%3A0569
RHSA-2013%3A0569
PUBLISHED
CVSS 7.800000190734863 HIGH
The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on SOAP responses, aka "character encoding pattern attack."
Risk Scores
CVSS 2.0
7.800000190734863
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat JBoss Portal 4.3 | |
| Red Hat | Red Hat JBoss SOA Platform 4.3 |
Timeline
- Feb 26, 2013 CVE Published
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Distribution Patch
- Apr 29, 2026 Security Advisory
- Apr 29, 2026 Security Advisory
- May 14, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2013:0569 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=soaplatform&downloadType=securityPatches&version=4.3.0.GA_CP05 advisory
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jbportal&downloadType=securityPatches&version=4.3+CP07 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=681916 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2013/rhsa-2013_0569.json advisory
- https://access.redhat.com/security/cve/CVE-2011-1096 advisory
- https://www.cve.org/CVERecord?id=CVE-2011-1096 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2011-1096 advisory