• Все разделы
  • Статьи
  • Медиа
  • Новости
  • Нормативные материалы
  • Конференции
  • Глоссарий

Note 1684632 - Potential information disclosure XML Encrypted SOAP messages

Главная Специалистам База уязвимостей Note 1684632 - Potential information disclosure XML Encrypted SOAP messages

Карточка уязвимости

Характеристики уязвимости

Уровень опасности
Оценка CVSS
(AV:N/AC:M/AU:N/C:P/I:N/A:N)
Производитель ПО
SAP
Наименование ПО
SAP Notes (1684632-6) SAP Support Packages (ENGINEAPI_710_SP011_000010, ENGINEAPI_710_SP012_000006, ENGINEAPI_710_SP013_000003, ENGINEAPI_710_SP014_000001, ENGINEAPI_710_SP015_000000, ENGINEAPI_710_SP999999_999999, ENGINEAPI_711_SP006_000010, ENGINEAPI_711_SP007_000008, ENGINEAPI_711_SP008_000005, ENGINEAPI_711_SP009_000001, ENGINEAPI_711_SP010_000000, ENGINEAPI_711_SP999999_999999, ENGINEAPI_720_SP004_000015, ENGINEAPI_720_SP005_000010, ENGINEAPI_720_SP006_000006, ENGINEAPI_720_SP007_000000, ENGINEAPI_720_SP008_000000, ENGINEAPI_720_SP999999_999999, ENGINEAPI_730_SP001_000009, ENGINEAPI_730_SP002_000005, ENGINEAPI_730_SP003_000010, ENGINEAPI_730_SP004_000008, ENGINEAPI_730_SP005_000007, ENGINEAPI_730_SP007_000000, ENGINEAPI_730_SP008_000000, ENGINEAPI_730_SP999999_999999, ENGINEAPI_731_SP001_000004, ENGINEAPI_731_SP002_000002, ENGINEAPI_731_SP003_000000, ENGINEAPI_731_SP004_000000, ENGINEAPI_731_SP999999_999999)
Описание
Web services configured to use XML Encryption. Web services using SSL are not affected.
Как исправить
Apply the latest hot fix if your system is affected and you are using XML Encryption. As an alternative, you may reconfigure the affected web services to use SSL for transport protection instead of XML Encryption. To change the cache size for black listed keys and data for standard CBC attack system property "com.sap.xml.security.cbcprotection.size" with integer value can be used. By default its value is 100.
Ссылки