JBoss Web Services W3C XML Encryption Standard Information Disclosure Vulnerability

JBoss Web Services (JBossWS) is prone to an information disclosure vulnerability due to a design error in the W3C XML Encryption Standard when using the cipher-block chaining (CBC) mode of operation.

Successful exploits may allow an attacker to gain access to sensitive information that may aid in further attacks.


Privacy Statement
Copyright 2010, SecurityFocus