JBoss Enterprise Application Platform Multiple Vulnerabilities
Last Update Date:
31 May 2013
Release Date:
30 May 2013
3475
Views
RISK: Medium Risk
TYPE: Servers - Web Servers
![TYPE: Web Servers](/f/bulletin_type/100012/37p37/servers-webservers.png)
Multiple vulnerabilities have been identified in JBoss Enterprise Application Platform.
XML encryption backwards compatibility attacks were found against various frameworks, including Apache CXF. An attacker could force a server to use insecure, legacy cryptosystems, even when secure cryptosystems were enabled on endpoints.
Impact
- Security Restriction Bypass
- Information Disclosure
System / Technologies affected
- JBoss Enterprise Application Platform 5.2.0
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- This update is available via the Red Hat Network.
https://access.redhat.com/knowledge/articles/11258
Vulnerability Identifier
Source
Related Link
Share with