RSS   Vulnerabilities for
'Jboss enterprise application server'
   RSS

2015-03-31
 
CVE-2015-2808

CWE-310
 

 
The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the "Bar Mitzvah" issue.

 
2013-03-15
 
CVE-2013-2566

CWE-310
 

 
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

 

 >>> Vendor: Jboss 10 Products
Jboss
JBPM
Jboss application server
SEAM
Enterprise application platform
Ironjacamar
Jboss enterprise application server
Red hat jboss data virtualization
Teiid
Jboss-remoting


Copyright 2019, cxsecurity.com

 

Back to Top