Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2011-4085

The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication by sending a request with a different method. NOTE: this vulnerability exists because of a CVE-2010-0738 regression.

Published

2012-11-23T20:55:01.867

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.8 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

8.6

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-287
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application redhat jboss_enterprise_application_platform ≤ 5.1.1 Yes
Application redhat jboss_enterprise_application_platform 4.2.0 Yes
Application redhat jboss_enterprise_application_platform 4.3.0 Yes
Application redhat jboss_enterprise_application_platform 5.0.0 Yes
Application redhat jboss_enterprise_application_platform 5.0.1 Yes
Application redhat jboss_enterprise_application_platform 5.1.0 Yes
Application redhat jboss_enterprise_soa_platform ≤ 5.1.1 Yes
Application redhat jboss_enterprise_soa_platform 4.2.0 Yes
Application redhat jboss_enterprise_soa_platform 4.2.0 Yes
Application redhat jboss_enterprise_soa_platform 4.2.0 Yes
Application redhat jboss_enterprise_soa_platform 4.2.0 Yes
Application redhat jboss_enterprise_soa_platform 4.2.0 Yes
Application redhat jboss_enterprise_soa_platform 4.2.0 Yes
Application redhat jboss_enterprise_soa_platform 4.2.0 Yes
Application redhat jboss_enterprise_soa_platform 4.3.0 Yes
Application redhat jboss_enterprise_soa_platform 4.3.0 Yes
Application redhat jboss_enterprise_soa_platform 4.3.0 Yes
Application redhat jboss_enterprise_soa_platform 4.3.0 Yes
Application redhat jboss_enterprise_soa_platform 4.3.0 Yes
Application redhat jboss_enterprise_soa_platform 4.3.0 Yes
Application redhat jboss_enterprise_soa_platform 5.0.0 Yes
Application redhat jboss_enterprise_soa_platform 5.0.1 Yes
Application redhat jboss_enterprise_soa_platform 5.0.2 Yes
Application redhat jboss_enterprise_soa_platform 5.1.0 Yes
Application redhat jboss_enterprise_brms_platform ≤ 5.2.0 Yes
Application redhat jboss_enterprise_portal_platform ≤ 4.3.0 Yes
References