Bug 713539 (CVE-2011-2487)

Summary:	CVE-2011-2487 jbossws: Prone to Bleichenbacher attack against to be distributed symmetric key
Product:	[Other] Security Response	Reporter:	Jan Lieskovsky <jlieskov>
Component:	vulnerability	Assignee:	Red Hat Product Security <security-response-team>
Status:	CLOSED ERRATA	QA Contact:
Severity:	high	Docs Contact:
Priority:	high
Version:	unspecified	CC:	asoldano, bressers, djorm, fnasser, security-response-team
Target Milestone:	---	Keywords:	Security
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	Bug Fix
Doc Text:	A flaw was found in JBoss web services where the services used a weak symmetric encryption protocol, PKCS#1 v1.5. An attacker could use this weakness in chosen-ciphertext attacks to recover the symmetric key and conduct further attacks.	Story Points:	---
Clone Of:		Environment:
Last Closed:	2013-11-22 02:28:18 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:	883217, 883218, 883219, 883220, 883221, 883222, 918348
Bug Blocks:	751414, 789173, 835396, 849517, 883225

Description Jan Lieskovsky 2011-06-15 17:47:15 UTC

It was found that JBossWS, a J2EE Web Services server, leaked further
channel data, by using PKCS#1 v1.5 protocol family / public key encryption
scheme in order to distribute the symmetric key. A remote attacker, aware
of a cryptographic weakness of the PKCS#1 v1.5 public key encryption scheme,
could use this flaw to conduct chosen-encrypted-key attacks, leading to the
recovery of the entire plaintext form of the intended symmetric key, to be
distributed, by examining of the differences between SOAP responses, sent
from JBossWS server.

Acknowledgements:

Red Hat would like to thank Juraj Somorovsky of Ruhr-University Bochum
for reporting this issue.

Comment 7 Jan Lieskovsky 2011-06-23 13:55:25 UTC

The CVE identifier of CVE-2011-2487 has been assigned to this issue.

Comment 32 David Jorm 2012-11-15 04:32:16 UTC

External References:

https://www.nds.ruhr-uni-bochum.de/research/publications/breaking-xml-encryption-pkcs15/

Comment 33 David Jorm 2012-11-21 01:42:27 UTC

Statement:

This flaw affects Apache CXF (WSS4J) and jbossws-native as shipped with various JBoss products. It does not affect JBoss Enterprise Application Platform 6 and JBoss Application Server 7.1.1 and above. These products include WSS4J 1.6.5, which incorporates a fix for this flaw. On affected products, this flaw can be mitigated by using the RSA-OAEP key wrap algorithm, instead of the default RSA-v1.5 algorithm. To use RSA-OAEP, edit the jboss-ws-security configuration file and add the property keyWrapAlgorithm="rsa_oaep" to the encrypt element.

Comment 36 Vincent Danen 2012-12-11 19:11:55 UTC

Upstream advisory for Apache CXF:

http://cxf.apache.org/note-on-cve-2011-2487.html

Comment 37 errata-xmlrpc 2013-01-24 18:09:05 UTC

This issue has been addressed in following products:

  JBoss Enterprise Application Platform 5.2.0

Via RHSA-2013:0194 https://rhn.redhat.com/errata/RHSA-2013-0194.html

Comment 38 errata-xmlrpc 2013-01-24 18:32:11 UTC

This issue has been addressed in following products:

  JBEAP 5 for RHEL 5

Via RHSA-2013:0192 https://rhn.redhat.com/errata/RHSA-2013-0192.html

Comment 39 errata-xmlrpc 2013-01-24 18:32:57 UTC

This issue has been addressed in following products:

  JBEAP 5 for RHEL 6

Via RHSA-2013:0191 https://rhn.redhat.com/errata/RHSA-2013-0191.html

Comment 40 errata-xmlrpc 2013-01-24 18:45:15 UTC

This issue has been addressed in following products:

  JBEWP 5 for RHEL 6

Via RHSA-2013:0195 https://rhn.redhat.com/errata/RHSA-2013-0195.html

Comment 41 errata-xmlrpc 2013-01-24 18:46:00 UTC

This issue has been addressed in following products:

  JBEAP 5 for RHEL 4

Via RHSA-2013:0193 https://rhn.redhat.com/errata/RHSA-2013-0193.html

Comment 42 errata-xmlrpc 2013-01-24 18:58:15 UTC

This issue has been addressed in following products:

  JBEWP 5 for RHEL 4

Via RHSA-2013:0197 https://rhn.redhat.com/errata/RHSA-2013-0197.html

Comment 43 errata-xmlrpc 2013-01-24 18:59:07 UTC

This issue has been addressed in following products:

  JBEWP 5 for RHEL 5

Via RHSA-2013:0196 https://rhn.redhat.com/errata/RHSA-2013-0196.html

Comment 44 errata-xmlrpc 2013-01-24 19:07:56 UTC

This issue has been addressed in following products:

  JBoss Enterprise Web Platform 5.2.0

Via RHSA-2013:0198 https://rhn.redhat.com/errata/RHSA-2013-0198.html

Comment 45 errata-xmlrpc 2013-01-31 20:31:02 UTC

This issue has been addressed in following products:

  JBoss Enterprise BRMS Platform 5.3.1

Via RHSA-2013:0221 https://rhn.redhat.com/errata/RHSA-2013-0221.html

Comment 46 errata-xmlrpc 2013-02-20 21:43:30 UTC

This issue has been addressed in following products:

  JBoss Enterprise SOA Platform 5.3.1

Via RHSA-2013:0533 https://rhn.redhat.com/errata/RHSA-2013-0533.html

Comment 47 errata-xmlrpc 2013-06-18 14:49:02 UTC

This issue has been addressed in following products:

  Red Hat JBoss Portal 5.2.2

Via RHSA-2013:0953 https://rhn.redhat.com/errata/RHSA-2013-0953.html

Comment 48 errata-xmlrpc 2013-11-22 00:41:42 UTC

This issue has been addressed in following products:

  Red Hat JBoss SOA Platform 4.3 CP05
  Red Hat JBoss Portal 4.3 CP07

Via RHSA-2013:1757 https://rhn.redhat.com/errata/RHSA-2013-1757.html