Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.0
CVE Id: CVE-2011-2908
Last Modified: 06 Feb 2013 11:46:11
Published: 23 Nov 2012 03:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE_INSTANCE

CVE-2011-2908

Summary

Cross-site request forgery (CSRF) vulnerability in the JMX Console (jmx-console) in JBoss Enterprise Portal Platform before 5.2.2, BRMS Platform 5.3.0 before roll up patch1, and SOA Platform 5.3.0 allows remote authenticated users to hijack the authentication of arbitrary users for requests that perform operations on MBeans and possibly execute arbitrary code via unspecified vectors.

Vulnerable Systems

Application

  • Red Hat JBoss Enterprise BRMS Platform 5.3.0
  • Red Hat JBoss Enterprise Portal Platform 5.0.0
  • Red Hat JBoss Enterprise Portal Platform 5.0.1
  • Red Hat JBoss Enterprise Portal Platform 5.1.0
  • Red Hat JBoss Enterprise Portal Platform 5.1.1
  • Red Hat JBoss Enterprise Portal Platform 5.2.0
  • Red Hat JBoss Enterprise Portal Platform 5.2.1
  • Red Hat JBoss Enterprise SOA Platform 5.3.0


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=730176

XF - jboss-jmx-console-csrf(77549)

BID - 54915

OSVDB - 84530

SECUNIA - 50549

SECUNIA - 50230

REDHAT - RHSA-2012:1232

REDHAT - RHSA-2012:1165

REDHAT - RHSA-2012:1152

SECUNIA - 51984

REDHAT - RHSA-2013:0198

REDHAT - RHSA-2013:0197

REDHAT - RHSA-2013:0196

REDHAT - RHSA-2013:0195

REDHAT - RHSA-2013:0194

REDHAT - RHSA-2013:0193

REDHAT - RHSA-2013:0192

REDHAT - RHSA-2013:0191


Last Updated: 27 May 2016 10:58:30