The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote malicious users to gain access to resources via a request that asks to render a non-JSF resource.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat jboss portal 6.2.0 |