Showing 1 - 1 of 1

CVE-2015-3244

Status Candidate

Overview

The Portlet Bridge for JavaServer Faces in Red Hat JBoss Portal 6.2.0, when used in portlets with the default resource serving for GenericPortlet, does not properly restrict access to restricted resources, which allows remote attackers to obtain sensitive information via a URL with a modified resource ID.

Related Files

Red Hat Security Advisory 2015-1226-01: Posted Jul 16, 2015; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2015-1226-01 - Red Hat JBoss Portal is the open source implementation of the Java EE suite of services and Portal services running atop Red Hat JBoss Enterprise Application Platform. It was found that JavaServer Faces PortletBridge-based portlets using GenericPortlet's default resource serving did not restrict access to resources within the web application. An attacker could set the resource ID field of a URL to potentially bypass security constraints and gain access to restricted resources.; tags | advisory, java, web; systems | linux, redhat; advisories | CVE-2015-3244; SHA-256 | 0e4761b4c8daaf8d87d38bae55837ec0ec12e07790cf3448f15d6989499fe3db; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 107 files
Ubuntu 104 files
Debian 21 files
Google Security Research 11 files
LiquidWorm 10 files
Muhammad Navaid Zafar Ansari 7 files
Abdulhakim Oner 6 files
Jann Horn 5 files
fearzzzz 5 files
nu11secur1ty 5 files

File Archives

Systems

AIX (426)
Apple (1,951)
BSD (370)
CentOS (56)
Cisco (1,919)
Debian (6,711)
Fedora (1,691)
FreeBSD (1,242)
Gentoo (4,288)
HPUX (878)
iOS (338)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (45,070)
Mac OS X (684)
Mandriva (3,105)
NetBSD (256)
OpenBSD (482)
RedHat (12,879)
Slackware (941)
Solaris (1,609)
SUSE (1,444)
Ubuntu (8,435)
UNIX (9,207)
UnixWare (185)
Windows (6,530)
Other

CVE-2015-3244

Overview

Related Files

File Archive:

March 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems