Is there a patch for CVE-2011-2487 jbossws: Prone to Bleichenbacher attack against to be distributed symmetric key?

Solution Verified

Issue

  • What is the resolution for the vulnerability reported in CVE-2011-2487 jbossws?
  • The CVE reports that a remote attacker, aware of a cryptographic weakness in the PKCS#1 v1.5 public key encryption scheme, could use this flaw to conduct chosen-encrypted-key attacks and recover the entire plaintext of the symmetric key being distributed, by examining the differences between SOAP responses sent from the JBossWS server.

Environment

  • Red Hat JBoss Application Platform (EAP) 5.1.x
  • Red Hat JBoss Enterprise BRMS Platform 5.3
  • Red Hat JBoss Enterprise Web Platform 5
  • Red Hat JBoss Enterprise Web Platform 5.2
  • Red Hat JBoss SOA Platform 5.3
