NVD

Id
10615  
Name
CVE-2011-4085  
Description
The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication by sending a request with a different method. NOTE: this vulnerability exists because of a CVE-2010-0738 regression.  
Reject
 
CVSS Version
2  
CVSS Score
6.8  
Severity
Medium  
CVSS Base Score
6.8  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-07  
Published
2012-11-23  
Modified Date
2014-03-05  
Seq
2011-4085  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
59987 10615 CVE-2011-4085 RHSA-2011:1456  View
59988 10615 CVE-2011-4085 RHSA-2011:1798  View
59989 10615 CVE-2011-4085 RHSA-2011:1799  View
59990 10615 CVE-2011-4085 RHSA-2011:1800  View
59991 10615 CVE-2011-4085 RHSA-2011:1805  View
59992 10615 CVE-2011-4085 RHSA-2011:1822  View
59993 10615 CVE-2011-4085 RHSA-2012:0091  View
59994 10615 CVE-2011-4085 RHSA-2012:1028  View
59995 10615 CVE-2011-4085 https://bugzilla.redhat.com/show_bug.cgi?id=750422  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
34956 JVNDB-2011-005198 複数の JBoss Enterprise 製品における認証を回避される脆弱性 複数の JBoss Enterprise 製品の httpha-invoker により呼び出されるサーブレットは、GET および POST メソッドに対してのみアクセス制御を実行するため、認証を回避される脆弱性が存在します。 CVE-2011-4085 51992 CVE-2011-4085 10615 6.8 http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-005198.html 2011-11-16 2012-11-27 View