what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 8 of 8 RSS Feed

CVE-2011-4085

Status Candidate

Overview

The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication by sending a request with a different method. NOTE: this vulnerability exists because of a CVE-2010-0738 regression.

Related Files

Red Hat Security Advisory 2012-1028-01
Posted Jun 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1028-01 - JBoss Enterprise BRMS Platform is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. This release of JBoss Enterprise BRMS Platform 5.3.0 serves as a replacement for JBoss Enterprise BRMS Platform 5.2.0. It includes various bug fixes and enhancements which are detailed in the JBoss Enterprise BRMS Platform 5.3.0 Release Notes.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-4085, CVE-2011-4605, CVE-2012-2377
SHA-256 | f5a6eab4adeb9bde444f861593d0766d2577f80b17b7949872cefc121c3995e8
Red Hat Security Advisory 2012-0091-01
Posted Feb 3, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0091-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. This JBoss Enterprise Portal Platform 4.3 CP07 release serves as a replacement for JBoss Enterprise Portal Platform 4.3 CP06.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-1184, CVE-2011-1484, CVE-2011-2526, CVE-2011-4085, CVE-2011-4858, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064
SHA-256 | 8d477b129cade9168945756f320e10f89d8e0cf7bba8bf7336e147cc0e23f36a
Red Hat Security Advisory 2011-1822-01
Posted Dec 15, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1822-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. This release of JBoss Enterprise Portal Platform 5.2.0 serves as a replacement for JBoss Enterprise Portal Platform 5.1.1, and includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-2941, CVE-2011-4085, CVE-2011-4580
SHA-256 | 82ea083ba0199172dd69274928ff1dcc5d9cb1f40e65fb4772f8d34ce98bdf81
Red Hat Security Advisory 2011-1805-01
Posted Dec 9, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1805-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. OpenID4Java allows you to implement OpenID authentication in your Java applications. OpenID4Java is a Technology Preview. This JBoss Enterprise Application Platform 5.1.2 release serves as a replacement for JBoss Enterprise Application Platform 5.1.1, and includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-4085, CVE-2011-4314
SHA-256 | e102b2993feb3ea95fda9bc50278c18a0dfcbc7e268626d26408a2a0f75fa2e2
Red Hat Security Advisory 2011-1800-01
Posted Dec 8, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1800-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. OpenID4Java allows you to implement OpenID authentication in your Java applications. OpenID4Java is a Technology Preview. This JBoss Enterprise Application Platform 5.1.2 release for Red Hat Enterprise Linux 4 serves as a replacement for JBoss Enterprise Application Platform 5.1.1. These updated packages include bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-4085, CVE-2011-4314
SHA-256 | f41e0e59862059ec69d282b7aabd6a45c7f8e0c893c2c998ac588c29510865d2
Red Hat Security Advisory 2011-1799-01
Posted Dec 8, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1799-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. OpenID4Java allows you to implement OpenID authentication in your Java applications. OpenID4Java is a Technology Preview. This JBoss Enterprise Application Platform 5.1.2 release for Red Hat Enterprise Linux 5 serves as a replacement for JBoss Enterprise Application Platform 5.1.1. These updated packages include bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-4085, CVE-2011-4314
SHA-256 | 75815dbfc47896a7ab8f8d971a9c619785c6b757663a1cb4e4651a5180788493
Red Hat Security Advisory 2011-1798-01
Posted Dec 8, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1798-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. OpenID4Java allows you to implement OpenID authentication in your Java applications. OpenID4Java is a Technology Preview. This JBoss Enterprise Application Platform 5.1.2 release for Red Hat Enterprise Linux 6 serves as a replacement for JBoss Enterprise Application Platform 5.1.1. These updated packages include bug fixes and enhancements.

tags | exploit, java
systems | linux, redhat
advisories | CVE-2011-4085, CVE-2011-4314
SHA-256 | a2a81f8c718a7723612e5ed9c9366747cb68843e8a1c571e228cd26c12fbd2db
Red Hat Security Advisory 2011-1456-01
Posted Nov 17, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1456-01 - JBoss Enterprise SOA Platform 5.2.0, which fixes two security issues, various bugs, and adds enhancements is now available from the Red Hat Customer Portal. A cross site scripting vulnerability was found in JRuby. It was found that the invoker servlets, deployed by default via httpha-invoker, only performed access control on the HTTP GET and POST methods, allowing remote attackers to make unauthenticated requests by using different HTTP methods.

tags | advisory, remote, web, xss
systems | linux, redhat
advisories | CVE-2010-1330, CVE-2011-4085
SHA-256 | 4f09ed673fadcf7173dc16bfee24fd4db8403b3cc1f7cbbfd04c636f43183459
Page 1 of 1
Back1Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close