Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2011-4608
Last Modified 02 Feb 2012 12:00:00
Published 27 Jan 2012 10:55:04
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-4608

Summary

mod_cluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat Linux allows worker nodes to register with arbitrary virtual hosts, which allows remote attackers to bypass intended access restrictions and provide malicious content, hijack sessions, and steal credentials by registering from an external vhost that does not enforce security constraints.

Vulnerable Systems

Application

  • Red Hat JBoss Enterprise Application Platform 5.1.2


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=767020

XF - jboss-modcluster-security-bypass(72460)

SECTRACK - 1026545

BID - 51554

REDHAT - RHSA-2012:0040

REDHAT - RHSA-2012:0039

REDHAT - RHSA-2012:0038

REDHAT - RHSA-2012:0037

REDHAT - RHSA-2012:0036

REDHAT - RHSA-2012:0035


Last Updated: 27 May 2016 10:58:07