The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x prior to 5.2.2, and BRMS Platform prior to 5.3.0 do not properly restrict write access, which allows remote malicious users to add, delete, or modify items in a JNDI tree via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat jboss enterprise application platform 4.3.0 |
||
redhat jboss enterprise application platform 5.1.2 |
||
redhat jboss enterprise web platform 5.1.2 |
||
redhat jboss enterprise portal platform 5.2.1 |
||
redhat jboss enterprise portal platform 4.3.0 |
||
redhat jboss enterprise brms platform |
||
redhat jboss enterprise soa platform 4.2.0 |
||
redhat jboss enterprise portal platform 5.2.0 |
||
redhat jboss enterprise soa platform 4.3.0 |