Character Encoding Pattern Attack in W3C XML Encryption Standard
CVE-2011-1096 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on SOAP responses, aka "character encoding pattern attack."
Learn more about our Web App Pen Testing.