The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication by sending a request with a different method. NOTE: this vulnerability exists because of a CVE-2010-0738 regression.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
21 Nov 2024, 01:31
Type | Values Removed | Values Added |
---|---|---|
References | () http://rhn.redhat.com/errata/RHSA-2011-1456.html - Vendor Advisory | |
References | () http://rhn.redhat.com/errata/RHSA-2011-1798.html - Vendor Advisory | |
References | () http://rhn.redhat.com/errata/RHSA-2011-1799.html - Vendor Advisory | |
References | () http://rhn.redhat.com/errata/RHSA-2011-1800.html - Vendor Advisory | |
References | () http://rhn.redhat.com/errata/RHSA-2011-1805.html - Vendor Advisory | |
References | () http://rhn.redhat.com/errata/RHSA-2011-1822.html - | |
References | () http://rhn.redhat.com/errata/RHSA-2012-0091.html - Vendor Advisory | |
References | () http://rhn.redhat.com/errata/RHSA-2012-1028.html - Vendor Advisory | |
References | () http://secunia.com/advisories/47169 - Vendor Advisory | |
References | () http://secunia.com/advisories/47866 - Vendor Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=750422 - |
07 Nov 2023, 02:09
Type | Values Removed | Values Added |
---|---|---|
Summary | The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication by sending a request with a different method. NOTE: this vulnerability exists because of a CVE-2010-0738 regression. |
Information
Published : 2012-11-23 20:55
Updated : 2024-11-21 01:31
NVD link : CVE-2011-4085
Mitre link : CVE-2011-4085
CVE.ORG link : CVE-2011-4085
JSON object : View
Products Affected
redhat
- jboss_enterprise_application_platform
- jboss_enterprise_brms_platform
- jboss_enterprise_portal_platform
- jboss_enterprise_soa_platform
CWE
CWE-287
Improper Authentication