Character Encoding Pattern Attack in W3C XML Encryption Standard

Character Encoding Pattern Attack in W3C XML Encryption Standard

CVE-2011-1096 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The W3C XML Encryption Standard, as used in the JBoss Web Services (JBossWS) component in JBoss Enterprise Portal Platform before 5.2.2 and other products, when using block ciphers in cipher-block chaining (CBC) mode, allows remote attackers to obtain plaintext data via a chosen-ciphertext attack on SOAP responses, aka "character encoding pattern attack."

Learn more about our Web App Pen Testing.