PT-2012-1927 · Red Hat · Red Hat JBoss Enterprise Application Platform

David Jorm · Published 2012-01-27 · Updated 2023-02-13 · CVE-2011-4608

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: JBoss Enterprise Application Platform version 5.1.2

Description: The issue allows worker nodes to register with arbitrary virtual hosts, enabling remote attackers to bypass intended access restrictions. A worker that registers from an external vhost which does not enforce the application's security constraints can then serve malicious content, hijack sessions, and steal credentials.

Recommendations: For JBoss Enterprise Application Platform version 5.1.2, restrict worker node registrations to trusted virtual hosts only, to minimize the risk of exploitation. As a temporary workaround, restrict access to sensitive areas of the application until a permanent fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2011-4608
RHSA-2012:0035
RHSA-2012:0037
RHSA-2012:0039

Affected Products

Red Hat JBoss Enterprise Application Platform