PT-2015-6120 · Red Hat · Red Hat JBoss Portal

Published: 2015-07-16 · Updated: 2016-11-28 · CVE-2015-3244

CVSS v2.0: 4.9 (Medium)

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Red Hat JBoss Portal version 6.2.0

Description

The issue allows remote attackers to obtain sensitive information via a URL with a modified resource ID, due to improper restriction of access to restricted resources in the Portlet Bridge for JavaServer Faces when used in portlets with the default resource serving for GenericPortlet.

Recommendations

For Red Hat JBoss Portal version 6.2.0, update the configuration to properly restrict access to restricted resources, or apply a patch if available, to prevent remote attackers from obtaining sensitive information.


Related Identifiers

CVE-2015-3244

Affected Products

Red Hat JBoss Portal