CVE-2011-2730
The MITRE CVE dictionary describes this issue as:
Find out more about CVE-2011-2730 from the MITRE CVE dictionary and NIST NVD.
Statement
This flaw was originally reported as resulting in information disclosure only, and was therefore assessed as having low security impact. On this basis, it was planned that future updates to JBoss products may address this flaw. New research [0] has now shown that this flaw can lead to remote code execution. The security impact has been re-assessed as important, and Red Hat is now working on patches for all affected products.
CVSS v2 metrics
| Metric | Value |
|---|---|
| Base Score | 6.4 |
| Base Metrics | AV:N/AC:L/Au:N/C:P/I:P/A:N |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat JBoss Portal 5.2 | RHSA-2013:0953 | 2013-06-18 |
| Red Hat JBoss Enterprise Application Platform 5.2 | RHSA-2013:0194 | 2013-01-24 |
| Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server | RHSA-2013:0191 | 2013-01-24 |
| Red Hat JBoss Web Platform 5.2 | RHSA-2013:0198 | 2013-01-24 |
| Red Hat JBoss SOA Platform 5.3 | RHSA-2013:0533 | 2013-02-20 |
| JBoss Enterprise BRMS Platform 5.3 | RHSA-2013:0221 | 2013-01-31 |
| Red Hat JBoss Web Platform 5 for RHEL 6 Server | RHSA-2013:0195 | 2013-01-24 |
| Red Hat JBoss Web Platform 5 for RHEL 5 Server | RHSA-2013:0196 | 2013-01-24 |
| Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS | RHSA-2013:0193 | 2013-01-24 |
| Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server | RHSA-2013:0192 | 2013-01-24 |
| Red Hat JBoss Web Platform 5 for RHEL 4 AS | RHSA-2013:0197 | 2013-01-24 |
CVE description copyright © 2017, The MITRE Corporation
