6.8

CVE-2011-4085

EPSS 0.34%
Published 23.11.2012 20:55:01
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication by sending a request with a different method.  NOTE: this vulnerability exists because of a CVE-2010-0738 regression.

Affected products Warnungen 0 Metrics 2 CWE 1 References 14

Data is provided by the National Vulnerability Database (NVD)

Redhat ≫ Jboss Enterprise Application Platform Version <= 5.1.1

Redhat ≫ Jboss Enterprise Application Platform Version4.2.0

Redhat ≫ Jboss Enterprise Application Platform Version4.3.0

Redhat ≫ Jboss Enterprise Application Platform Version5.0.0

Redhat ≫ Jboss Enterprise Application Platform Version5.0.1

Redhat ≫ Jboss Enterprise Application Platform Version5.1.0

Redhat ≫ Jboss Enterprise Soa Platform Version <= 5.1.1

Redhat ≫ Jboss Enterprise Soa Platform Version4.2.0

Redhat ≫ Jboss Enterprise Soa Platform Version4.2.0 Updatecp01

Redhat ≫ Jboss Enterprise Soa Platform Version4.2.0 Updatecp02

Redhat ≫ Jboss Enterprise Soa Platform Version4.2.0 Updatecp03

Redhat ≫ Jboss Enterprise Soa Platform Version4.2.0 Updatecp04

Redhat ≫ Jboss Enterprise Soa Platform Version4.2.0 Updatecp05

Redhat ≫ Jboss Enterprise Soa Platform Version4.2.0 Updatetp02

Redhat ≫ Jboss Enterprise Soa Platform Version4.3.0

Redhat ≫ Jboss Enterprise Soa Platform Version4.3.0 Updatecp01

Redhat ≫ Jboss Enterprise Soa Platform Version4.3.0 Updatecp02

Redhat ≫ Jboss Enterprise Soa Platform Version4.3.0 Updatecp03

Redhat ≫ Jboss Enterprise Soa Platform Version4.3.0 Updatecp04

Redhat ≫ Jboss Enterprise Soa Platform Version4.3.0 Updatecp05

Redhat ≫ Jboss Enterprise Soa Platform Version5.0.0

Redhat ≫ Jboss Enterprise Soa Platform Version5.0.1

Redhat ≫ Jboss Enterprise Soa Platform Version5.0.2

Redhat ≫ Jboss Enterprise Soa Platform Version5.1.0

Redhat ≫ Jboss Enterprise Brms Platform Version <= 5.2.0

Redhat ≫ Jboss Enterprise Portal Platform Version <= 4.3.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.34%	0.557

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://rhn.redhat.com/errata/RHSA-2011-1456.html

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2011-1798.html

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2011-1799.html

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2011-1800.html

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2011-1805.html

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2011-1822.html

http://rhn.redhat.com/errata/RHSA-2012-0091.html

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2012-1028.html

Vendor Advisory

http://secunia.com/advisories/47169

Vendor Advisory

http://secunia.com/advisories/47866

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=750422

https://nvd.nist.gov/vuln/detail/CVE-2011-4085

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-4085

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-4085

EUVD