Back to bug 713539
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Jan Lieskovsky | 2011-06-15 18:47:05 UTC | Blocks | 713551 | |
| Jan Lieskovsky | 2011-06-21 17:37:06 UTC | CC | djorm | |
| Jan Lieskovsky | 2011-06-23 13:55:25 UTC | Summary | EMBARGOED: jbossws: Prone to Bleichenbacher attack against to be distributed symmetric key | EMBARGOED: CVE-2011-2487 jbossws: Prone to Bleichenbacher attack against to be distributed symmetric key |
| Alias | CVE-2011-2487 | |||
| Jan Lieskovsky | 2011-11-04 16:21:13 UTC | Blocks | 713551 | |
| Jan Lieskovsky | 2011-11-04 16:21:15 UTC | Blocks | 751414 | |
| Ramon de C Valle | 2012-07-09 20:45:41 UTC | CC | rcvalle | |
| Whiteboard | impact=important,public=no,reported=20110611,source=secalert,cvss2=7.8/AV:N/AC:L/Au:N/C:C/I:N/A:N | impact=important,public=no,reported=20110611,source=secalert,cvss2=7.8/AV:N/AC:L/Au:N/C:C/I:N/A:N,cwe=CWE-327 | ||
| David Jorm | 2012-11-21 04:08:06 UTC | Group | security, qe_staff | |
| Summary | EMBARGOED: CVE-2011-2487 jbossws: Prone to Bleichenbacher attack against to be distributed symmetric key | CVE-2011-2487 jbossws: Prone to Bleichenbacher attack against to be distributed symmetric key | ||
| Whiteboard | impact=important,public=no,reported=20110611,source=secalert,cvss2=7.8/AV:N/AC:L/Au:N/C:C/I:N/A:N,cwe=CWE-327 | impact=important,public=20120904,reported=20110611,source=secalert,cvss2=7.8/AV:N/AC:L/Au:N/C:C/I:N/A:N,cwe=CWE-327 | ||
| David Jorm | 2012-11-28 05:36:18 UTC | Whiteboard | impact=important,public=20120904,reported=20110611,source=secalert,cvss2=7.8/AV:N/AC:L/Au:N/C:C/I:N/A:N,cwe=CWE-327 | impact=important,public=20120904,reported=20110611,source=secalert,cvss2=7.8/AV:N/AC:L/Au:N/C:C/I:N/A:N,cwe=CWE-327,epp-4/jbossws-native=affected,epp-5/jbossws-native=affected,soap-4.2/jbossws-native=affected,soap-4.3/jbossws-native=affected soap-5/cxf=affected,brms-5/cxf=affected |
| David Jorm | 2012-12-04 04:06:11 UTC | Depends On | 883217 | |
| David Jorm | 2012-12-04 04:06:26 UTC | Depends On | 883218 | |
| David Jorm | 2012-12-04 04:06:43 UTC | Depends On | 883219 | |
| David Jorm | 2012-12-04 04:06:55 UTC | Depends On | 883220 | |
| David Jorm | 2012-12-04 04:07:07 UTC | Depends On | 883221 | |
| David Jorm | 2012-12-04 04:07:20 UTC | Depends On | 883222 | |
| David Jorm | 2012-12-04 04:45:44 UTC | Blocks | 883225 | |
| David Jorm | 2012-12-10 01:36:27 UTC | Blocks | 789173 | |
| David Jorm | 2012-12-10 01:36:56 UTC | Blocks | 849517 | |
| David Jorm | 2012-12-10 01:37:14 UTC | Blocks | 835396 | |
| Arun Babu Neelicattu | 2013-03-06 02:48:20 UTC | Depends On | 918348 | |
| John Skeoch | 2013-10-14 05:53:56 UTC | CC | rcvalle | bressers |
| David Jorm | 2013-11-22 02:28:18 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2013-11-21 21:28:18 UTC | |||
| Martin Prpič | 2015-07-31 12:44:15 UTC | Whiteboard | impact=important,public=20120904,reported=20110611,source=secalert,cvss2=7.8/AV:N/AC:L/Au:N/C:C/I:N/A:N,cwe=CWE-327,epp-4/jbossws-native=affected,epp-5/jbossws-native=affected,soap-4.2/jbossws-native=affected,soap-4.3/jbossws-native=affected,soap-5/cxf=affected,brms-5/cxf=affected | impact=important,public=20120904,reported=20110611,source=researcher,cvss2=7.8/AV:N/AC:L/Au:N/C:C/I:N/A:N,cwe=CWE-327,epp-4/jbossws-native=affected,epp-5/jbossws-native=affected,soap-4.2/jbossws-native=affected,soap-4.3/jbossws-native=affected,soap-5/cxf=affected,brms-5/cxf=affected |
| Product Security DevOps Team | 2019-09-29 12:45:43 UTC | Whiteboard | impact=important,public=20120904,reported=20110611,source=researcher,cvss2=7.8/AV:N/AC:L/Au:N/C:C/I:N/A:N,cwe=CWE-327,epp-4/jbossws-native=affected,epp-5/jbossws-native=affected,soap-4.2/jbossws-native=affected,soap-4.3/jbossws-native=affected,soap-5/cxf=affected,brms-5/cxf=affected | |
| Chess Hazlett | 2020-01-21 21:27:25 UTC | Hardware | Unspecified | All |
| Doc Text | It was found that JBoss web services used a weak symmetric encryption protocol, PKCS#1 v1.5. An attacker could use this weakness in chosen-ciphertext attacks to recover the symmetric key and conduct further attacks. | |||
| OS | Unspecified | Linux | ||
| RaTasha Tillery-Smith | 2020-01-23 15:43:52 UTC | Doc Text | It was found that JBoss web services used a weak symmetric encryption protocol, PKCS#1 v1.5. An attacker could use this weakness in chosen-ciphertext attacks to recover the symmetric key and conduct further attacks. | A flaw was found in JBoss web services where the services used a weak symmetric encryption protocol, PKCS#1 v1.5. An attacker could use this weakness in chosen-ciphertext attacks to recover the symmetric key and conduct further attacks. |
Back to bug 713539