PT-2012-1858 · Red Hat · Red Hat JBoss Enterprise Application Platform

David Jorm · Published 2012-01-27 · Updated 2022-05-17 · CVE-2011-4314

CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions

OpenID4Java versions prior to 0.9.6 final
JBoss Enterprise Application Platform versions prior to 5.1.2
Kay Framework versions prior to 1.0.2
Description

message/ax/AxMessage.java in OpenID4Java does not verify that Attribute Exchange (AX) information is signed. A remote attacker positioned between the OpenID Provider and the Relying Party (man-in-the-middle) can therefore modify potentially sensitive AX attributes in the authentication response without detection: the assertion's signature still verifies over the fields it covers, and the unsigned AX fields are accepted as authentic.
Recommendations

For OpenID4Java versions prior to 0.9.6 final, update to version 0.9.6 final or later.
For JBoss Enterprise Application Platform versions prior to 5.1.2, update to version 5.1.2 or later.
For Kay Framework versions prior to 1.0.2, update to version 1.0.2 or later.
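The check the description refers to, shown as an added example that is not OpenID4Java's code and not part of the original advisory, written in Python rather than Java: an OpenID 2.0 positive assertion whose core fields are signed but whose AX fetch_response is not, a man-in-the-middle rewriting one attribute, and two Relying Party extractors, one that trusts AX data as soon as the assertion's signature verifies (the vulnerable behaviour) and one that additionally requires every AX field, and the namespace declaration binding the alias, to be named in openid.signed. The messages, association key, hostnames and helper names are constructed for the example.

```python
import base64
import hashlib
import hmac
from typing import Dict, List, Optional

AX_NS = "http://openid.net/srv/ax/1.0"   # namespace URI that binds an alias to Attribute Exchange 1.0
MAC_KEY = bytes(range(32))               # constructed HMAC-SHA256 association key (not a real key)
# Fields the OP always signs; 'signed' is listed too so the list itself cannot be edited in transit.
CORE_FIELDS = ["op_endpoint", "claimed_id", "identity", "return_to",
               "response_nonce", "assoc_handle", "signed"]

def kv_form(params: Dict[str, str], signed: List[str]) -> bytes:
    """Key-Value Form of the signed fields (OpenID 2.0 sec. 6.1): 'name:value\\n' per entry of
    openid.signed, in list order, with the 'openid.' prefix dropped from the name."""
    return "".join(f"{name}:{params['openid.' + name]}\n" for name in signed).encode("utf-8")

def sign_assertion(params: Dict[str, str], signed: List[str], mac_key: bytes) -> Dict[str, str]:
    """OP side: declare which fields are covered, then attach the base64 HMAC over them."""
    out = dict(params)
    out["openid.signed"] = ",".join(signed)
    mac = hmac.new(mac_key, kv_form(out, signed), hashlib.sha256).digest()
    out["openid.sig"] = base64.b64encode(mac).decode("ascii")
    return out

def signature_valid(params: Dict[str, str], mac_key: bytes) -> bool:
    """RP side: recompute the MAC over exactly the fields the message claims are signed."""
    signed = params.get("openid.signed", "").split(",")
    try:
        mac = hmac.new(mac_key, kv_form(params, signed), hashlib.sha256).digest()
    except KeyError:  # a field named in openid.signed is missing from the message
        return False
    return hmac.compare_digest(base64.b64encode(mac).decode("ascii"), params.get("openid.sig", ""))

def ax_alias(params: Dict[str, str]) -> Optional[str]:
    """Alias bound to AX via openid.ns.<alias> = AX_NS, or None when no AX data is present."""
    for key, value in params.items():
        if key.startswith("openid.ns.") and value == AX_NS:
            return key[len("openid.ns."):]
    return None

def ax_values(params: Dict[str, str], alias: str) -> Dict[str, str]:
    """Collect attribute values: openid.<alias>.value.<attr> -> {attr: value}."""
    prefix = f"openid.{alias}.value."
    return {k[len(prefix):]: v for k, v in params.items() if k.startswith(prefix)}

def extract_ax_unchecked(params: Dict[str, str], mac_key: bytes) -> Optional[Dict[str, str]]:
    """Vulnerable pattern (what the advisory describes): once the assertion's signature verifies,
    AX values are read out without asking whether they were among the signed fields."""
    if not signature_valid(params, mac_key):
        return None
    alias = ax_alias(params)
    return ax_values(params, alias) if alias else {}

def extract_ax_checked(params: Dict[str, str], mac_key: bytes) -> Optional[Dict[str, str]]:
    """Hardened pattern: every field under the AX alias, and the openid.ns.<alias> binding itself,
    must be named in openid.signed; otherwise the AX payload is rejected (None), never trusted."""
    if not signature_valid(params, mac_key):
        return None
    alias = ax_alias(params)
    if alias is None:
        return {}
    signed = set(params["openid.signed"].split(","))
    ax_fields = {k[len("openid."):] for k in params if k.startswith(f"openid.{alias}.")}
    ax_fields.add(f"ns.{alias}")
    return ax_values(params, alias) if ax_fields <= signed else None

def build_sample_response(sign_ax: bool) -> Dict[str, str]:
    """Constructed id_res assertion carrying an AX fetch_response with one e-mail attribute;
    sign_ax controls whether the OP also covers the AX fields with its signature."""
    params = {
        "openid.ns": "http://specs.openid.net/auth/2.0",
        "openid.mode": "id_res",
        "openid.op_endpoint": "https://op.example/endpoint",
        "openid.claimed_id": "https://op.example/user/alice",
        "openid.identity": "https://op.example/user/alice",
        "openid.return_to": "https://rp.example/openid/return",
        "openid.response_nonce": "2011-11-18T10:00:00Zx7Qk",
        "openid.assoc_handle": "{HMAC-SHA256}{constructed}",
        "openid.ns.ax": AX_NS,
        "openid.ax.mode": "fetch_response",
        "openid.ax.type.email": "http://axschema.org/contact/email",
        "openid.ax.value.email": "alice@example.com",
    }
    ax_fields = ["ns.ax", "ax.mode", "ax.type.email", "ax.value.email"] if sign_ax else []
    return sign_assertion(params, CORE_FIELDS + ax_fields, MAC_KEY)

def mitm_tamper(params: Dict[str, str]) -> Dict[str, str]:
    """Attacker between OP and RP rewrites the e-mail attribute and forwards everything else."""
    tampered = dict(params)
    tampered["openid.ax.value.email"] = "attacker@evil.example"
    return tampered
```

With the AX fields left out of openid.signed, the tampered message still carries a valid signature, so extract_ax_unchecked hands the RP the attacker's address while extract_ax_checked returns None. The hardened extractor also rejects an untampered response whose OP simply did not sign the AX fields: the RP cannot tell the two cases apart, so the only safe treatment of unsigned AX data is to behave as if it were absent. Whether extension fields are signed is the OP's decision; the RP has to check the signed list rather than assume.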

Fix

Weakness Enumeration

Insufficient Verification of Data Authenticity

Related identifiers

CVE-2011-4314
GHSA-J473-C3RR-RX9P
RHSA-2011:1798
RHSA-2011:1799
RHSA-2011:1800
RHSA-2011:1802
RHSA-2011:1803
RHSA-2011:1804

Affected products

Red Hat JBoss Enterprise Application Platform
Kay Framework
OpenID4Java