Lumension® Endpoint Intelligence Center



Vulnerability Score 7.5
CVE Id CVE-2011-4608
Last Modified 02 Feb 2012 12:00:00
Published 27 Jan 2012 10:55:04
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



mod_cluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat Linux allows worker nodes to register with arbitrary virtual hosts, which allows remote attackers to bypass intended access restrictions and provide malicious content, hijack sessions, and steal credentials by registering from an external vhost that does not enforce security constraints.

Vulnerable Systems


  • Red Hat JBoss Enterprise Application Platform 5.1.2



XF - jboss-modcluster-security-bypass(72460)

SECTRACK - 1026545

BID - 51554

REDHAT - RHSA-2012:0040

REDHAT - RHSA-2012:0039

REDHAT - RHSA-2012:0038

REDHAT - RHSA-2012:0037

REDHAT - RHSA-2012:0036

REDHAT - RHSA-2012:0035

Last Updated: 27 May 2016 10:58:07