The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform prior to 5.1.2, SOA Platform prior to 5.2.0, BRMS Platform prior to 5.3.0, and Portal Platform prior to 4.3 CP07 perform access control only for the GET and POST methods, which allows remote malicious users to bypass authentication by sending a request with a different HTTP method. NOTE: this vulnerability exists because of a CVE-2010-0738 regression.
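The deployment-descriptor pattern behind this class of bug, shown as an added illustration rather than the descriptor Red Hat actually shipped: a servlet security-constraint that lists only GET and POST leaves every other verb outside the authentication check, while omitting the http-method elements makes the constraint apply to all methods. The url-pattern and role name are assumed placeholders.

```xml
<!-- WEAK: the constraint names only GET and POST. Under the Servlet
     specification, any listed http-method narrows the constraint to those
     verbs, so a request using another method reaches the servlet without
     the auth-constraint being enforced. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>HttpHA Invoker</web-resource-name>
    <url-pattern>/*</url-pattern>          <!-- assumed pattern -->
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>JBossAdmin</role-name>      <!-- assumed role -->
  </auth-constraint>
</security-constraint>

<!-- CORRECTED: no http-method elements, so the constraint covers every
     method, including ones the servlet does not explicitly implement. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>HttpHA Invoker</web-resource-name>
    <url-pattern>/*</url-pattern>          <!-- assumed pattern -->
  </web-resource-collection>
  <auth-constraint>
    <role-name>JBossAdmin</role-name>      <!-- assumed role -->
  </auth-constraint>
</security-constraint>
```

To confirm the fix is in effect, a request to the protected path with a method other than GET or POST should be rejected with 401 or 403 instead of returning servlet output.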
Vulnerable Product |
---|
redhat jboss enterprise application platform |
redhat jboss enterprise application platform 4.2.0 |
redhat jboss enterprise application platform 4.3.0 |
redhat jboss enterprise application platform 5.0.0 |
redhat jboss enterprise application platform 5.0.1 |
redhat jboss enterprise application platform 5.1.0 |
redhat jboss enterprise soa platform |
redhat jboss enterprise soa platform 4.2.0 |
redhat jboss enterprise soa platform 4.3.0 |
redhat jboss enterprise soa platform 5.0.0 |
redhat jboss enterprise soa platform 5.0.1 |
redhat jboss enterprise soa platform 5.0.2 |
redhat jboss enterprise soa platform 5.1.0 |
redhat jboss enterprise brms platform |
redhat jboss enterprise portal platform |