----BEGIN PGP SIGNED MESSAGE----
Hash: SHA1

Another attack has emerged on the XML Encryption standard, as described by
the security advisory CVE-2011-2487:

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2487

Tibor Jager, Sebastian Schinzel and Juraj Somorovsky have published a paper
that describes a number of attacks on the PKCS#1 v1.5 Key Transport Algorithm,
used to encrypt symmetric keys as part of WS-Security. One of these attacks
exploits the fact that WSS4J can leak information about where a particular
decryption operation fails. This bug has been fixed in WSS4J 1.6.5, where a
new symmetric key is generated if the decryption of the encrypted key fails.
In this way it is not possible for an attacker to find out whether a decryption
failure was due to the failure of decrypting the key or the data.

Migration:

Any version of CXF that uses Apache WSS4J 1.6.4 or below is vulnerable to this
attack.

CXF 2.5.2 users or below should upgrade to the latest version of CXF 2.5.x.
CXF 2.4.6 users or below should upgrade to the latest version of CXF 2.4.x.
CXF 2.6 and 2.7 are unaffected.

Additional Recommendation:

It is recommended that the use of the RSA v1.5 key transport algorithm be
discontinued. Instead the RSA-OAEP key transport algorithm should be used.
This algorithm is used by default from WSS4J 1.6.8 onwards. If you are using
WS-SecurityPolicy, then make sure not to use the AlgorithmSuite policies ending
in "Rsa15".

----BEGIN PGP SIGNATURE----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEcBAEBAgAGBQJQx1VvAAoJEGe/gLEK1TmD3AMH/jMHnkHEeSvehv951SSJiAQZ
jjrjzAMrBXn9577diGitmnlD/GFOqwJZlLGmVZSzy0A+yrshv/BF/n2iosWvBygI
a41XYvaJC3KmAQUFn/iwVZO3Axv3IVRsIQ1qrseXMcpjO7zIIN7wac5TePxXUb5Q
XAGGDFetezalF2/CG3Ye0bLsa3GEQN803QssTA651jz5MR64alaEoHKGZjyPucFA
R/D7Nbr/WP3Q6hoYJlKT0Ca6rPZScLWhiOHUM5Qgn6fd2OlhDKAKc2r82twqjWh/
l+uGiEioYOIGg/67g0r/s8Ax66DTX61Bueg7/xpTeZE7C81//EO4ch1/2YsrUPg=
=y5J/
----END PGP SIGNATURE----