Tibor Jager, Kenneth G. Paterson and Juraj Somorovsky have described XML encryption backwards compatibility attacks against various frameworks, including Apache CXF. An attacker can use these flaws to force a server to utilize insecure, legacy cryptosystems when secure cryptosystems are enabled on endpoints. This could expose flaws in the underlying legacy cryptosystems, such as CVE-2011-1096 and CVE-2011-2487. This flaw also affects the jbossws-native stack.
External References:
http://www.nds.ruhr-uni-bochum.de/research/publications/backwards-compatibility/
http://cxf.apache.org/cve-2012-5575.html
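As an added illustration (not code from Apache CXF, jbossws-native or the referenced paper), the check below rejects a message whose XML Encryption algorithm identifiers fall outside the endpoint's configured set before any key unwrapping or decryption takes place. The `POLICY` set, the function names and the sample messages are assumptions constructed for this example; the algorithm URIs are the W3C XML Encryption identifiers.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
XENC11 = "http://www.w3.org/2009/xmlenc11#"

# Assumed endpoint policy (hypothetical): the only algorithms this endpoint
# is configured for. Legacy rsa-1_5 and *-cbc identifiers are not listed.
POLICY = {
    "EncryptedKey": {XENC + "rsa-oaep-mgf1p"},
    "EncryptedData": {XENC11 + "aes128-gcm", XENC11 + "aes256-gcm"},
}

def sample_message(data_alg, key_alg):
    # Constructed sample, not a captured message; cipher values are dummies.
    return (
        '<xenc:EncryptedData xmlns:xenc="%s" '
        'xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
        '<xenc:EncryptionMethod Algorithm="%s"/>'
        '<ds:KeyInfo><xenc:EncryptedKey>'
        '<xenc:EncryptionMethod Algorithm="%s"/>'
        '<xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>'
        '</xenc:EncryptedKey></ds:KeyInfo>'
        '<xenc:CipherData><xenc:CipherValue>AAAA</xenc:CipherValue></xenc:CipherData>'
        '</xenc:EncryptedData>' % (XENC, data_alg, key_alg)
    )

def policy_violations(xml_text, policy=POLICY):
    """Return (element kind, algorithm) pairs that the policy does not allow."""
    violations = []
    # A production endpoint would parse untrusted XML with a hardened parser.
    for elem in ET.fromstring(xml_text).iter():
        for kind, allowed in policy.items():
            if elem.tag != "{%s}%s" % (XENC, kind):
                continue
            method = elem.find("{%s}EncryptionMethod" % XENC)
            algorithm = method.get("Algorithm") if method is not None else None
            # A missing EncryptionMethod is refused too: the sender must not
            # leave the choice of algorithm to the receiver's defaults.
            if algorithm not in allowed:
                violations.append((kind, algorithm))
    return violations

if __name__ == "__main__":
    legacy = sample_message(XENC + "aes128-cbc", XENC + "rsa-1_5")
    current = sample_message(XENC11 + "aes128-gcm", XENC + "rsa-oaep-mgf1p")
    print("legacy message:", policy_violations(legacy))
    print("current message:", policy_violations(current))
```

A message with any violation should be refused with a generic fault before the private key is touched, so that the legacy code path is never reachable with the same key.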
This issue has been addressed in the following products: JBoss Enterprise Application Platform 6.1.0. Via RHSA-2013:0833 https://rhn.redhat.com/errata/RHSA-2013-0833.html
This issue has been addressed in the following products: JBEAP 6 for RHEL 6. Via RHSA-2013:0834 https://rhn.redhat.com/errata/RHSA-2013-0834.html
This issue has been addressed in the following products: JBEAP 6 for RHEL 5. Via RHSA-2013:0839 https://rhn.redhat.com/errata/RHSA-2013-0839.html
This issue has been addressed in the following products: JBoss Enterprise Web Platform 5.2.0. Via RHSA-2013:0876 https://rhn.redhat.com/errata/RHSA-2013-0876.html
This issue has been addressed in the following products: JBoss Enterprise Application Platform 5.2.0. Via RHSA-2013:0875 https://rhn.redhat.com/errata/RHSA-2013-0875.html
This issue has been addressed in the following products: JBEWP 5 for RHEL 4, JBEWP 5 for RHEL 5, JBEWP 5 for RHEL 6. Via RHSA-2013:0874 https://rhn.redhat.com/errata/RHSA-2013-0874.html
This issue has been addressed in the following products: JBEAP 5 for RHEL 4, JBEAP 5 for RHEL 5, JBEAP 5 for RHEL 6. Via RHSA-2013:0873 https://rhn.redhat.com/errata/RHSA-2013-0873.html
This issue has been addressed in the following products: Red Hat JBoss SOA Platform 5.3.1. Via RHSA-2013:0943 https://rhn.redhat.com/errata/RHSA-2013-0943.html
This issue has been addressed in the following products: Red Hat JBoss Portal 5.2.2. Via RHSA-2013:0953 https://rhn.redhat.com/errata/RHSA-2013-0953.html
This issue has been addressed in the following products: Red Hat JBoss BRMS 5.3.1. Via RHSA-2013:1006 https://rhn.redhat.com/errata/RHSA-2013-1006.html
This issue has been addressed in the following products: Fuse ESB Enterprise 7.1.0. Via RHSA-2013:1028 https://rhn.redhat.com/errata/RHSA-2013-1028.html
This issue has been addressed in the following products: Red Hat JBoss SOA Platform 4.3 CP05, Red Hat JBoss Portal 4.3 CP07. Via RHSA-2013:1143 https://rhn.redhat.com/errata/RHSA-2013-1143.html
This issue has been addressed in the following products: Red Hat JBoss Portal 6.1.0. Via RHSA-2013:1437 https://rhn.redhat.com/errata/RHSA-2013-1437.html