The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 is susceptible to a Bleichenbacher attack.
Software | From | Fixed in |
---|---|---|
redhat / jboss_enterprise_application_platform | 5.0.0 | 5.0.0.x |
apache / cxf | 2.4.0 | 2.4.6.x |
apache / cxf | 2.5.0 | 2.5.2.x |
redhat / jboss_enterprise_soa_platform | 4.2.0 | 4.2.0.x |
redhat / jboss_enterprise_soa_platform | 4.3.0 | 4.3.0.x |
redhat / jboss_business_rules_management_system | 5.3 | 5.3.x |
redhat / jboss_enterprise_web_platform | 5.0.0 | 5.0.0.x |
apache / wss4j | - | 1.6.5 |
redhat / jboss_portal | 4.0.0 | 4.0.0.x |
org.apache.ws.security / wss4j | - | 1.6.5 |