
CVE-2011-4085

Published: 23/11/2012 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform prior to 5.1.2, SOA Platform prior to 5.2.0, BRMS Platform prior to 5.3.0, and Portal Platform prior to 4.3 CP07 perform access control only for the GET and POST HTTP methods, which allows remote attackers to bypass authentication by sending a request for the same URL with a different method. The servlet container enforces a security-constraint only for the verbs listed in its http-method elements, so a request using HEAD (which HttpServlet dispatches to the same code as GET by default), PUT, DELETE or another verb reaches the servlet without being authenticated. NOTE: this vulnerability exists because of a CVE-2010-0738 regression, the same verb-tampering weakness previously fixed in the JBoss JMX console.
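The summary above describes a deployment-descriptor weakness: a security-constraint that names only GET and POST leaves every other verb unconstrained. The following checker is an added example, not code from Vulmon, Red Hat or the JBoss project. It parses a servlet web.xml, computes which verbs each protected url-pattern actually covers, and reports the verbs that bypass authentication. The two descriptors embedded in it are constructed for illustration (the url-pattern /invoker/* and the role name Invoker are assumptions, not the real httpha-invoker descriptor); the weak one mirrors the GET/POST-only shape the CVE describes and the hardened one omits the http-method elements so the constraint applies to all verbs.

```python
"""Audit a servlet web.xml for HTTP verb tampering exposure (CWE-style
"GET/POST-only security-constraint"). Added example; the descriptors below
are constructed, not taken from any JBoss distribution."""
import xml.etree.ElementTree as ET

# Verbs worth probing; containers may route further, unknown verbs as well.
PROBE_METHODS = ("GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS", "TRACE")

# Constructed weak descriptor: auth-constraint applies to GET and POST only.
WEAK_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Invoker servlets</web-resource-name>
      <url-pattern>/invoker/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>Invoker</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
  <security-role><role-name>Invoker</role-name></security-role>
</web-app>"""

# Constructed hardened descriptor: no http-method element, so the
# auth-constraint covers every verb the container routes to the pattern.
FIXED_WEB_XML = WEAK_WEB_XML.replace(
    "      <http-method>GET</http-method>\n"
    "      <http-method>POST</http-method>\n", "")


def _local(tag):
    """Strip the XML namespace: '{uri}security-constraint' -> 'security-constraint'."""
    return tag.rsplit("}", 1)[-1]


def _children(elem, name):
    return [e for e in elem if _local(e.tag) == name]


def unprotected_methods(web_xml, methods=PROBE_METHODS):
    """Return {url_pattern: [verbs that reach it without authentication]}.

    A pattern counts as protected for a verb if some security-constraint
    with an auth-constraint lists that verb, or lists no verbs at all
    (which means every verb). Patterns left fully covered are omitted.
    """
    root = ET.fromstring(web_xml)
    covered = {}  # url-pattern -> set of verbs, or None meaning "all verbs"
    for sc in root.iter():
        if _local(sc.tag) != "security-constraint":
            continue
        if not _children(sc, "auth-constraint"):
            continue  # no auth-constraint: the collection is not protected
        for wrc in _children(sc, "web-resource-collection"):
            patterns = [e.text.strip() for e in _children(wrc, "url-pattern")]
            listed = {e.text.strip().upper() for e in _children(wrc, "http-method")}
            for pattern in patterns:
                if covered.get(pattern, set()) is None:
                    continue  # already covered for all verbs
                if not listed:
                    covered[pattern] = None
                else:
                    covered[pattern] = covered.get(pattern, set()) | listed
    findings = {}
    for pattern, verbs in covered.items():
        if verbs is None:
            continue
        gaps = [m for m in methods if m not in verbs]
        if gaps:
            findings[pattern] = gaps
    return findings


if __name__ == "__main__":
    print("weak  :", unprotected_methods(WEAK_WEB_XML))
    print("fixed :", unprotected_methods(FIXED_WEB_XML))
```

Run it against each web.xml in a deployment's WEB-INF directories: any pattern it reports can be exercised with one of the listed verbs without credentials, which is exactly the bypass the CVE describes. Two caveats: the checker models Servlet 2.5 descriptors (the http-method-omission element of Servlet 3.0 is not handled), and a verb absent from the probe list can still be routed by the container, so treat the output as a lower bound on exposure.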

Vulnerable Products

redhat jboss enterprise application platform
redhat jboss enterprise application platform 4.2.0
redhat jboss enterprise application platform 4.3.0
redhat jboss enterprise application platform 5.0.0
redhat jboss enterprise application platform 5.0.1
redhat jboss enterprise application platform 5.1.0
redhat jboss enterprise soa platform
redhat jboss enterprise soa platform 4.2.0
redhat jboss enterprise soa platform 4.3.0
redhat jboss enterprise soa platform 5.0.0
redhat jboss enterprise soa platform 5.0.1
redhat jboss enterprise soa platform 5.0.2
redhat jboss enterprise soa platform 5.1.0
redhat jboss enterprise brms platform
redhat jboss enterprise portal platform

Vendor Advisories

Synopsis: Low: JBoss Enterprise Application Platform 5.1.2 update. Type/Severity: Security Advisory: Low. Topic: Updated JBoss Enterprise Application Platform 5.1.2 packages that fix two security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Securit ...
Synopsis: Moderate: JBoss Enterprise Portal Platform 5.2.0 update. Type/Severity: Security Advisory: Moderate. Topic: JBoss Enterprise Portal Platform 5.2.0, which fixes multiple security issues, various bugs, and adds enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Tea ...
Synopsis: Low: JBoss Enterprise Application Platform 5.1.2 update. Type/Severity: Security Advisory: Low. Topic: Updated JBoss Enterprise Application Platform 5.1.2 packages that fix two security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Securit ...

Exploits

Red Hat Security Advisory 2011-1798-01 (republished advisory text, not exploit code) - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. OpenID4Java allows you to implement OpenID authentication in your Java applications. OpenID4Java is a Technology Preview. This JBoss Enterprise Applica ...