CVE-2011-4605

Published: 23/11/2012 Updated: 13/02/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x prior to 5.2.2, and BRMS Platform prior to 5.3.0 do not properly restrict write access, which allows remote malicious users to add, delete, or modify items in a JNDI tree via unspecified vectors.

Vulnerable Product

redhat jboss enterprise application platform 4.3.0

redhat jboss enterprise application platform 5.1.2

redhat jboss enterprise web platform 5.1.2

redhat jboss enterprise portal platform 5.2.1

redhat jboss enterprise portal platform 4.3.0

redhat jboss enterprise brms platform

redhat jboss enterprise soa platform 4.2.0

redhat jboss enterprise portal platform 5.2.0

redhat jboss enterprise soa platform 4.3.0

Vendor Advisories

Debian Bug report logs - #655495 CVE-2011-4605: DoS. Package: src:activemq; Maintainer for src:activemq is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org>; Date: Wed, 11 Jan 2012 17:39:01 UTC; Severity: grave; Tags: security; Fixed in version active ...
Synopsis: Important: jbossas and jboss-naming security update. Type/Severity: Security Advisory: Important. Topic: Updated jbossas and jboss-naming packages that fix two security issues are now available for JBoss Enterprise Application Platform 5.1.2 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security R ...
Synopsis: Important: jbossas-web and jboss-naming security update. Type/Severity: Security Advisory: Important. Topic: Updated jbossas-web and jboss-naming packages that fix two security issues are now available for JBoss Enterprise Web Platform 5.1.2 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security R ...
Synopsis: Important: jbossas security update. Type/Severity: Security Advisory: Important. Topic: Updated jbossas packages that fix one security issue are now available for JBoss Enterprise Application Platform 4.3.0 CP10 for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update ...