CVE-2011-4605
Date: (C)2012-11-25   (M)2023-12-22


The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1027501
SECUNIA-49656
SECUNIA-49658
SECUNIA-50084
SECUNIA-50549
BID-54644
RHSA-2012:1022
RHSA-2012:1023
RHSA-2012:1024
RHSA-2012:1025
RHSA-2012:1026
RHSA-2012:1027
RHSA-2012:1028
RHSA-2012:1109
RHSA-2012:1125
RHSA-2012:1232
RHSA-2012:1295
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=766469

CWE    1
CWE-264

© SecPod Technologies