Bug 880443 (CVE-2012-5575)
Summary: | CVE-2012-5575 jbossws-native, jbossws-cxf, apache-cxf: XML encryption backwards compatibility attacks | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | David Jorm <djorm> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | aneelica, asoldano, bressers, jlieskov, jrusnack, mjc, osoukup, pcheung, security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-10-17 01:44:03 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 901224, 918348, 952020, 952021, 952022, 952023, 952024, 952025, 952027, 953308 | ||
Bug Blocks: | 880470, 920007, 953709, 958335, 968131, 970481 |
Description
David Jorm
2012-11-27 01:56:15 UTC
External References: http://www.nds.ruhr-uni-bochum.de/research/publications/backwards-compatibility/ http://cxf.apache.org/cve-2012-5575.html This issue has been addressed in following products: JBoss Enterprise Application Platform 6.1.0 Via RHSA-2013:0833 https://rhn.redhat.com/errata/RHSA-2013-0833.html This issue has been addressed in following products: JBEAP 6 for RHEL 6 Via RHSA-2013:0834 https://rhn.redhat.com/errata/RHSA-2013-0834.html This issue has been addressed in following products: JBEAP 6 for RHEL 5 Via RHSA-2013:0839 https://rhn.redhat.com/errata/RHSA-2013-0839.html This issue has been addressed in following products: JBoss Enterprise Web Platform 5.2.0 Via RHSA-2013:0876 https://rhn.redhat.com/errata/RHSA-2013-0876.html This issue has been addressed in following products: JBoss Enterprise Application Platform 5.2.0 Via RHSA-2013:0875 https://rhn.redhat.com/errata/RHSA-2013-0875.html This issue has been addressed in following products: JBEWP 5 for RHEL 4 JBEWP 5 for RHEL 5 JBEWP 5 for RHEL 6 Via RHSA-2013:0874 https://rhn.redhat.com/errata/RHSA-2013-0874.html This issue has been addressed in following products: JBEAP 5 for RHEL 4 JBEAP 5 for RHEL 5 JBEAP 5 for RHEL 6 Via RHSA-2013:0873 https://rhn.redhat.com/errata/RHSA-2013-0873.html This issue has been addressed in following products: Red Hat JBoss SOA Platform 5.3.1 Via RHSA-2013:0943 https://rhn.redhat.com/errata/RHSA-2013-0943.html This issue has been addressed in following products: Red Hat JBoss Portal 5.2.2 Via RHSA-2013:0953 https://rhn.redhat.com/errata/RHSA-2013-0953.html This issue has been addressed in following products: Red Hat JBoss BRMS 5.3.1 Via RHSA-2013:1006 https://rhn.redhat.com/errata/RHSA-2013-1006.html This issue has been addressed in following products: Fuse ESB Enterprise 7.1.0 Via RHSA-2013:1028 https://rhn.redhat.com/errata/RHSA-2013-1028.html This issue has been addressed in following products: Red Hat JBoss SOA Platform 4.3 CP05 Red Hat JBoss Portal 4.3 CP07 Via RHSA-2013:1143 https://rhn.redhat.com/errata/RHSA-2013-1143.html This issue has been addressed in following products: Red Hat JBoss Portal 6.1.0 Via RHSA-2013:1437 https://rhn.redhat.com/errata/RHSA-2013-1437.html |