Red Hat Security Advisory 2015-0848-01

Discussion in 'News Aggregator' started by Packet Storm, 17 Apr 2015.

  1. Packet Storm

    Packet Storm Guest

    Red Hat Security Advisory 2015-0848-01 - Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. It was found that a prior countermeasure in Apache WSS4J for Bleichenbacher's attack on XML Encryption threw an exception that permitted an attacker to determine the failure of the attempted attack, thereby leaving WSS4J vulnerable to the attack. The original flaw allowed a remote attacker to recover the entire plain text form of a symmetric key. A flaw was found in the way PicketLink's Service Provider and Identity Provider handled certain requests. A remote attacker could use this flaw to log to a victim's account via PicketLink.

    Continue reading...
     
    #1 Packet Storm, 17 Apr 2015
(You must log in or sign up to post here.)

Share This Page

Loading...