PT-2015-6791 · Red Hat · Red Hat JBoss Portal
Published: 2015-08-11 · Updated: 2015-08-11
CVE-2015-5176
CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Red Hat JBoss Portal version 6.2.0
Description
The PortletRequestDispatcher in PortletBridge does not properly enforce the security constraints of servlets. This allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource.
Recommendations
For Red Hat JBoss Portal version 6.2.0, consider restricting access to non-JSF resources as a temporary workaround until a patch is available.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat JBoss Portal