what you don't know can hurt you
Showing 1 - 8 of 8 RSS Feed

CVE-2011-4085

Status Candidate

Overview

The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication by sending a request with a different method. NOTE: this vulnerability exists because of a CVE-2010-0738 regression.

Related Files

Red Hat Security Advisory 2012-1028-01
Posted Jun 22, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1028-01 - JBoss Enterprise BRMS Platform is a business rules management system for the management, storage, creation, modification, and deployment of JBoss Rules. The Java Naming and Directory Interface Java API allows Java software clients to locate objects or services in an application server. This release of JBoss Enterprise BRMS Platform 5.3.0 serves as a replacement for JBoss Enterprise BRMS Platform 5.2.0. It includes various bug fixes and enhancements which are detailed in the JBoss Enterprise BRMS Platform 5.3.0 Release Notes.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-4085, CVE-2011-4605, CVE-2012-2377
MD5 | f4223462f7d2e9bd3b1bd17e95346ce5
Red Hat Security Advisory 2012-0091-01
Posted Feb 3, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0091-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. This JBoss Enterprise Portal Platform 4.3 CP07 release serves as a replacement for JBoss Enterprise Portal Platform 4.3 CP06.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-1184, CVE-2011-1484, CVE-2011-2526, CVE-2011-4085, CVE-2011-4858, CVE-2011-5062, CVE-2011-5063, CVE-2011-5064
MD5 | bf5f51c283d9d06bc3d3f263b6added9
Red Hat Security Advisory 2011-1822-01
Posted Dec 15, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1822-01 - JBoss Enterprise Portal Platform is the open source implementation of the Java EE suite of services and Portal services running atop JBoss Enterprise Application Platform. It comprises a set of offerings for enterprise customers who are looking for pre-configured profiles of JBoss Enterprise Middleware components that have been tested and certified together to provide an integrated experience. This release of JBoss Enterprise Portal Platform 5.2.0 serves as a replacement for JBoss Enterprise Portal Platform 5.1.1, and includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-2941, CVE-2011-4085, CVE-2011-4580
MD5 | 66e2207e56e73bb32b6ceed668a9871e
Red Hat Security Advisory 2011-1805-01
Posted Dec 9, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1805-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. OpenID4Java allows you to implement OpenID authentication in your Java applications. OpenID4Java is a Technology Preview. This JBoss Enterprise Application Platform 5.1.2 release serves as a replacement for JBoss Enterprise Application Platform 5.1.1, and includes bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-4085, CVE-2011-4314
MD5 | d47310fc72dba015da5a0d02adef0a41
Red Hat Security Advisory 2011-1800-01
Posted Dec 8, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1800-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. OpenID4Java allows you to implement OpenID authentication in your Java applications. OpenID4Java is a Technology Preview. This JBoss Enterprise Application Platform 5.1.2 release for Red Hat Enterprise Linux 4 serves as a replacement for JBoss Enterprise Application Platform 5.1.1. These updated packages include bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-4085, CVE-2011-4314
MD5 | 296f00f98530195c6dde94e22d9abf79
Red Hat Security Advisory 2011-1799-01
Posted Dec 8, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1799-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. OpenID4Java allows you to implement OpenID authentication in your Java applications. OpenID4Java is a Technology Preview. This JBoss Enterprise Application Platform 5.1.2 release for Red Hat Enterprise Linux 5 serves as a replacement for JBoss Enterprise Application Platform 5.1.1. These updated packages include bug fixes and enhancements.

tags | advisory, java
systems | linux, redhat
advisories | CVE-2011-4085, CVE-2011-4314
MD5 | 793b887b9a50c55fbd66bf3a7083b713
Red Hat Security Advisory 2011-1798-01
Posted Dec 8, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1798-01 - JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernate and JBoss Seam. OpenID4Java allows you to implement OpenID authentication in your Java applications. OpenID4Java is a Technology Preview. This JBoss Enterprise Application Platform 5.1.2 release for Red Hat Enterprise Linux 6 serves as a replacement for JBoss Enterprise Application Platform 5.1.1. These updated packages include bug fixes and enhancements.

tags | exploit, java
systems | linux, redhat
advisories | CVE-2011-4085, CVE-2011-4314
MD5 | 5671b5f7f9fdd48d14d7ab20d42dc559
Red Hat Security Advisory 2011-1456-01
Posted Nov 17, 2011
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2011-1456-01 - JBoss Enterprise SOA Platform 5.2.0, which fixes two security issues, various bugs, and adds enhancements is now available from the Red Hat Customer Portal. A cross site scripting vulnerability was found in JRuby. It was found that the invoker servlets, deployed by default via httpha-invoker, only performed access control on the HTTP GET and POST methods, allowing remote attackers to make unauthenticated requests by using different HTTP methods.

tags | advisory, remote, web, xss
systems | linux, redhat
advisories | CVE-2010-1330, CVE-2011-4085
MD5 | 519483a227034c804cc2a3f72af38fd1
Page 1 of 1
Back1Next

File Archive:

April 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    60 Files
  • 2
    Apr 2nd
    0 Files
  • 3
    Apr 3rd
    0 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    0 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    0 Files
  • 9
    Apr 9th
    0 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    0 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close