----BEGIN PGP SIGNED MESSAGE----
Another attack has emerged on the XML Encryption standard, as described by
the security advisory CVE-2011-2487:
Tibor Jager, Sebastian Schinzel and Juraj Somorovsky have published a paper
that describes a number of attacks on the PKCS#1 v1.5 Key Transport Algorithm,
used to encrypt symmetric keys as part of WS-Security. One of these attacks
exploits the fact that WSS4J can leak information about where a particular
decryption operation fails. This bug has been fixed in WSS4J 1.6.5, where a
new symmetric key is generated if the decryption of the encrypted key fails.
In this way it is not possible for an attacker to find out whether a decryption
failure was due to the failure of decrypting the key or the data.
Any version of CXF that uses Apache WSS4J 1.6.4 or below is vulnerable to this
CXF 2.5.2 users or below should upgrade to the latest version of CXF 2.5.x.
CXF 2.4.6 users or below should upgrade to the latest version of CXF 2.4.x.
CXF 2.6 and 2.7 are unaffected.
It is recommended that the use of the RSA v1.5 key transport algorithm be
discontinued. Instead the RSA-OAEP key transport algorithm should be used.
This algorithm is used by default from WSS4J 1.6.8 onwards. If you are using
WS-SecurityPolicy, then make sure not to use the AlgorithmSuite policies ending
----BEGIN PGP SIGNATURE----
Version: GnuPG v1.4.11 (GNU/Linux)
----END PGP SIGNATURE----