Red Hat Security Advisory 2013-0876-01
https://packetstormsecurity.com/files/121770/RHSA-2013-0876-01.txt
https://packetstormsecurity.com/files/121770/Red-Hat-Security-Advisory-2013-0876-01.html
Tue, 28 May 2013 19:51:20 GMT

Red Hat Security Advisory 2013-0876-01 - The Enterprise Web Platform is a slimmed-down profile of the JBoss Enterprise Application Platform intended for mid-size workloads with light and rich Java applications. XML encryption backwards compatibility attacks were found against various frameworks, including Apache CXF. An attacker could force a server to use insecure, legacy cryptosystems, even when secure cryptosystems were enabled on endpoints. By forcing the use of legacy cryptosystems, flaws such as CVE-2011-1096 and CVE-2011-2487 would be exposed, allowing plain text to be recovered from cryptograms and symmetric keys. This issue affected both the JBoss Web Services CXF and JBoss Web Services Native stacks.