The Java Portlet Specification JSR286 API jar file code could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to resources located within the web application. An attacker could exploit this vulnerability to obtain configuration data and other sensitive information.
Find out more about CVE-2015-1926 from the MITRE CVE dictionary dictionary and NIST NVD.
CVE-2015-1926 did not affect JBoss Portal Platform as provided by Red Hat. For further detail, refer to the knowledge base article at https://access.redhat.com/solutions/1488163
Platform | Package | State |
---|---|---|
Red Hat JBoss Portal Platform 6 | portlet | Not affected |