CVE-2011-4085
Published Nov 23, 2012
Last updated a year ago
Overview
- Description
- The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication by sending a request with a different method. NOTE: this vulnerability exists because of a CVE-2010-0738 regression.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-287
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "60667D6C-1F8D-4C09-8033-CA168AFE5C77",
"versionEndIncluding": "5.1.1"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9164BEAF-B1D5-4E65-A6CE-F985799467CB"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E82B2AD8-967D-4ABE-982B-87B9DE73F8D6"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F5D7F1AD-4BD3-4C37-B6B5-B287464B2EEB"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "76D8FCD1-55D5-4187-87DD-39904EDE2EF8"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "972C5C87-E982-44A5-866D-FDEACB5203B8"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B3AD4BE1-9D62-460A-A1F2-A86B4E0F8B5F",
"versionEndIncluding": "5.1.1"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CDEABE3E-DC3E-4B98-8433-4308BBEE6F26"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp01:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "70942A41-9089-4313-8B00-5CB92518A349"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp02:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "093F7EA4-B190-49A5-AF55-42D4F960EEFE"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp03:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "75CBF063-6986-4217-BC8E-661B5167AB2A"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp04:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3F6528B6-1147-4366-8F81-8B380903EAA6"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp05:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4EF1898E-1A25-442B-865F-1C27B9E5F0D1"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:tp02:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "92953D9C-8FF0-4499-A4A4-3B05696D326E"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C57B8004-AF15-4F0F-B9FA-A3CFF7BD42DE"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp01:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "66F4FC45-CF67-44E4-96CA-31B537151C7E"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp02:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E7CF5F63-C7A8-4787-9620-F5B76A9F0F3E"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp03:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9BCA6581-3C94-4B1B-B30F-E0B854A68968"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp04:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "23F0650B-C39D-4C7D-8BB9-BBA951BA8AAE"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp05:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "67BD448A-745D-4387-ABC8-A18DF142574D"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DFB8FED0-E0C6-409C-A2D8-B3999265D545"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DFC497FD-503A-463B-A75E-9C4B9B716521"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.0.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A8F224EE-A5A1-490B-91A5-0196B4168F32"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2B72D56E-DE3C-4383-906D-F3DCD9D09CC9"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E867ECA4-43A5-4424-B703-437991A1C58A",
"versionEndIncluding": "5.2.0"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_portal_platform:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "595BFB46-AD92-4592-A1BC-EFC80C9136C3",
"versionEndIncluding": "4.3.0"
}
],
"operator": "OR"
}
]
}
]