PT-2012-1801 · Red Hat · Jboss Soa Platform+3
David Jorm · Published 2012-11-23 · Updated 2023-02-13 · CVE-2011-4085
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
JBoss Enterprise Application Platform versions prior to 5.1.2
JBoss SOA Platform versions prior to 5.2.0
JBoss BRMS Platform versions prior to 5.3.0
JBoss Portal Platform versions prior to 4.3 CP07
Description
Because of inadequate access control, remote attackers can bypass authentication in the affected JBoss platforms by sending a request that uses an HTTP method other than GET or POST.
Recommendations
For JBoss Enterprise Application Platform versions prior to 5.1.2, update to version 5.1.2 or later.
For JBoss SOA Platform versions prior to 5.2.0, update to version 5.2.0 or later.
For JBoss BRMS Platform versions prior to 5.3.0, update to version 5.3.0 or later.
For JBoss Portal Platform versions prior to 4.3 CP07, update to version 4.3 CP07 or later.
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Jboss Brms Platform
Red Hat Jboss Enterprise Application Platform
Jboss Portal Platform
Jboss Soa Platform