Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8 (CVSS v2 base, AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVE Id CVE-2011-4085
Last Modified 05 Mar 2014 11:33:00
Published 23 Nov 2012 03:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-4085

Summary

The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allows remote attackers to bypass authentication by sending a request with a different method (HTTP verb tampering, for example a HEAD request, which the security constraint does not cover). NOTE: this vulnerability exists because of a CVE-2010-0738 regression; that earlier issue was the same class of verb-tampering bypass, and its fix did not carry over to the httpha-invoker servlets.
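The mechanism behind this class of bypass is a servlet <security-constraint> whose <web-resource-collection> enumerates <http-method> elements: the container then guards only those verbs, and any other verb reaches the servlet without authentication. The script below is an added example written for this page, not Red Hat or JBoss code; the two web.xml fragments are constructed to model the flawed and the corrected constraint (the file actually shipped in httpha-invoker is not reproduced here), the servlet path used in the demo is illustrative, and the path matcher implements only the common servlet-spec pattern forms. It reports which verbs a given web.xml leaves unguarded for a path, and includes a live probe that sends each verb unauthenticated to a real host.

```python
import http.client
import xml.etree.ElementTree as ET

# Constructed fragment modelling the flaw: only GET and POST are guarded, so
# HEAD, PUT, DELETE or any other verb skips the constraint entirely.
VULNERABLE_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HttpInvokers</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>HttpInvoker</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>
"""

# Hardened form: no <http-method> elements, so the constraint covers every verb.
FIXED_WEB_XML = VULNERABLE_WEB_XML.replace(
    "      <http-method>GET</http-method>\n"
    "      <http-method>POST</http-method>\n", "")

# Verbs to probe: the standard set plus an arbitrary token, because the
# constraint check happens before the servlet ever sees the method name.
PROBE_METHODS = ("GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS", "TRACE", "BYPASS")


def _local(tag):
    """Strip an XML namespace so tags match whether or not xmlns is declared."""
    return tag.rsplit("}", 1)[-1]


def parse_constraints(web_xml):
    """Return [(url_patterns, guarded_methods_or_None)] for every constraint
    carrying an <auth-constraint> (an empty one denies all and still counts)."""
    constraints = []
    for sc in ET.fromstring(web_xml).iter():
        if _local(sc.tag) != "security-constraint":
            continue
        if not any(_local(c.tag) == "auth-constraint" for c in sc):
            continue
        for wrc in sc:
            if _local(wrc.tag) != "web-resource-collection":
                continue
            patterns = [c.text.strip() for c in wrc if _local(c.tag) == "url-pattern"]
            methods = {c.text.strip().upper() for c in wrc if _local(c.tag) == "http-method"}
            # Servlet spec semantics: no <http-method> element means all methods.
            constraints.append((patterns, methods or None))
    return constraints


def _pattern_matches(pattern, path):
    """Servlet-style matching: exact, prefix ('/x/*'), extension ('*.ext'), default ('/')."""
    if pattern == path or pattern == "/":
        return True
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return False


def is_protected(constraints, path, method):
    """True if some constraint guards this path for this verb."""
    method = method.upper()
    for patterns, methods in constraints:
        if any(_pattern_matches(p, path) for p in patterns):
            if methods is None or method in methods:
                return True
    return False


def unguarded_methods(web_xml, path, methods=PROBE_METHODS):
    """Verbs that reach `path` with no authentication under this web.xml."""
    constraints = parse_constraints(web_xml)
    return [m for m in methods if not is_protected(constraints, path, m)]


def probe_live(host, port, path, methods=PROBE_METHODS, timeout=5):
    """Network check (not exercised here): send each verb without credentials and
    collect the status. 401/403 means the constraint was enforced; anything else
    for a verb other than GET/POST means it was skipped. HEAD is the most telling
    probe, since HttpServlet routes it through doGet by default."""
    results = {}
    for m in methods:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        try:
            conn.request(m, path)
            results[m] = conn.getresponse().status
        finally:
            conn.close()
    return results


if __name__ == "__main__":
    for name, xml in (("vulnerable", VULNERABLE_WEB_XML), ("fixed", FIXED_WEB_XML)):
        print(name, "unguarded:", unguarded_methods(xml, "/InvokerServlet"))
```

Run stand-alone it prints the six unguarded verbs for the flawed fragment and none for the corrected one. The same parser can be pointed at a deployed invoker.war's WEB-INF/web.xml to confirm that a patched build no longer lists <http-method> elements; a status other than 401/403 from probe_live on a non-GET/POST verb only proves the constraint was skipped, whether the servlet then performs work for that verb depends on how it dispatches it.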

Vulnerable Systems

Application

  • Redhat Jboss Enterprise Application Platform 4.2.0

  • Redhat Jboss Enterprise Application Platform 4.3.0

  • Redhat Jboss Enterprise Application Platform 5.0.0

  • Redhat Jboss Enterprise Application Platform 5.0.1

  • Redhat Jboss Enterprise Application Platform 5.1.0

  • Redhat Jboss Enterprise Application Platform 5.1.1

  • Redhat Jboss Enterprise Brms Platform 5.2.0

  • Redhat Jboss Enterprise Portal Platform 4.3.0

  • Redhat Jboss Enterprise Soa Platform 4.2.0

  • Redhat Jboss Enterprise Soa Platform 4.3.0

  • Redhat Jboss Enterprise Soa Platform 5.0.0

  • Redhat Jboss Enterprise Soa Platform 5.0.1

  • Redhat Jboss Enterprise Soa Platform 5.0.2

  • Redhat Jboss Enterprise Soa Platform 5.1.0

  • Redhat Jboss Enterprise Soa Platform 5.1.1


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=750422

SECUNIA - 47866

SECUNIA - 47169

REDHAT - RHSA-2012:1028

REDHAT - RHSA-2012:0091

REDHAT - RHSA-2011:1805

REDHAT - RHSA-2011:1800

REDHAT - RHSA-2011:1799

REDHAT - RHSA-2011:1798

REDHAT - RHSA-2011:1456

REDHAT - RHSA-2011:1822


Last Updated: 27 May 2016 10:58:30