CVE-2011-2487: 
Java vulnerability analysis and mitigation

The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 was found to be susceptible to a Bleichenbacher attack. The vulnerability was discovered in 2011 and assigned identifier CVE-2011-2487. The affected systems included JBoss Enterprise Application Platform, JBoss Enterprise Web Platform, and Apache CXF implementations using WSS4J before version 1.6.5 (CVE Details, Apache CXF).

The vulnerability allowed JBoss Web Services to leak side-channel data when distributing symmetric keys for XML encryption. By exploiting the cryptographic weakness in the PKCS#1 v1.5 public key encryption scheme, an attacker could conduct chosen-encrypted-key attacks by examining differences in SOAP responses from the JBossWS server. This could lead to the recovery of the entire plaintext form of the distributed symmetric key (RedHat Bugzilla, RU Bochum Research).

A remote attacker could potentially recover the entire plaintext form of the symmetric key used to encrypt transmitted payload data within minutes to hours, depending on the attack scenario. This could lead to unauthorized access to encrypted communications and potential compromise of sensitive data protected by the XML encryption (Apache CXF).

The vulnerability was fixed in Apache WSS4J 1.6.5 by generating a new symmetric key if the decryption of the encrypted key fails, preventing attackers from determining whether decryption failure was due to the key or data. For affected systems that cannot be immediately upgraded, a workaround is to use the RSA-OAEP key wrap algorithm instead of the default RSA-v1.5 algorithm by editing the jboss-ws-security configuration file and adding the property keyWrapAlgorithm="rsa_oaep" to the encrypt element (Apache CXF).