Back to search
CVE-2011-4085
Published: Nov 23, 2012
Modified: Aug 6, 2024
PUBLISHED
Description
The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication by sending a request with a different method. NOTE: this vulnerability exists because of a CVE-2010-0738 regression.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
RHSA-2012:1028
vendor-advisory
x_refsource_REDHAT
47866
third-party-advisory
x_refsource_SECUNIA
RHSA-2011:1805
vendor-advisory
x_refsource_REDHAT
RHSA-2011:1456
vendor-advisory
x_refsource_REDHAT
RHSA-2012:0091
vendor-advisory
x_refsource_REDHAT
RHSA-2011:1822
vendor-advisory
x_refsource_REDHAT
RHSA-2011:1799
vendor-advisory
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=750422
x_refsource_MISC
RHSA-2011:1798
vendor-advisory
x_refsource_REDHAT
RHSA-2011:1800
vendor-advisory
x_refsource_REDHAT
47169
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now