Back to search
CVE-2011-4605
Published: Nov 23, 2012
Modified: Aug 7, 2024
PUBLISHED
Description
The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
1027501
vdb-entry
x_refsource_SECTRACK
49656
third-party-advisory
x_refsource_SECUNIA
RHSA-2012:1028
vendor-advisory
x_refsource_REDHAT
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=766469
x_refsource_MISC
49658
third-party-advisory
x_refsource_SECUNIA
RHSA-2012:1109
vendor-advisory
x_refsource_REDHAT
RHSA-2012:1025
vendor-advisory
x_refsource_REDHAT
50084
third-party-advisory
x_refsource_SECUNIA
RHSA-2012:1295
vendor-advisory
x_refsource_REDHAT
RHSA-2012:1027
vendor-advisory
x_refsource_REDHAT
54644
vdb-entry
x_refsource_BID
RHSA-2012:1026
vendor-advisory
x_refsource_REDHAT
50549
third-party-advisory
x_refsource_SECUNIA
RHSA-2012:1024
vendor-advisory
x_refsource_REDHAT
RHSA-2012:1232
vendor-advisory
x_refsource_REDHAT
RHSA-2012:1022
vendor-advisory
x_refsource_REDHAT
RHSA-2012:1023
vendor-advisory
x_refsource_REDHAT
RHSA-2012:1125
vendor-advisory
x_refsource_REDHAT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now