CVE-2011-4085
The MITRE CVE dictionary describes this issue as:
The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication by sending a request with a different method. NOTE: this vulnerability exists because of a CVE-2010-0738 regression.
Find out more about CVE-2011-4085 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS v2 metrics
| Base Score | 2.6 |
|---|---|
| Base Metrics | AV:N/AC:H/Au:N/C:N/I:N/A:P |
| Access Vector | Network |
| Access Complexity | High |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Partial |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat JBoss SOA Platform 5.1 | RHSA-2011:1456 | 2011-11-16 |
| JBoss Enterprise BRMS Platform 5.3 | RHSA-2012:1028 | 2012-06-22 |
| Red Hat JBoss Portal 4.3 | RHSA-2012:0091 | 2012-02-02 |
| Red Hat JBoss Portal 5 | RHSA-2011:1822 | 2011-12-14 |
| Red Hat JBoss Enterprise Application Platform 5.1 | RHSA-2011:1805 | 2011-12-08 |
| Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS | RHSA-2011:1800 | 2011-12-08 |
| Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server | RHSA-2011:1799 | 2011-12-08 |
| Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server | RHSA-2011:1798 | 2011-12-08 |
CVE description copyright © 2017, The MITRE Corporation