PT-2015-6791 · Red Hat · Red Hat Jboss Portal
Publicado
2015-08-11
·
Atualizado
2015-08-11
·
CVE-2015-5176
CVSS v2.0
5.8
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Red Hat JBoss Portal version 6.2.0
Description
The issue is related to the PortletRequestDispatcher in PortletBridge, which does not properly enforce the security constraints of servlets. This allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource.
Recommendations
For Red Hat JBoss Portal version 6.2.0, consider restricting access to non-JSF resources as a temporary workaround until a patch is available.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Red Hat Jboss Portal