CVE-2011-4314
The MITRE CVE dictionary describes this issue as:
message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.
Find out more about CVE-2011-4314 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS v2 metrics
| Base Score | 4.3 |
|---|---|
| Base Metrics | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | Partial |
| Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat JBoss Enterprise Application Platform 5.1 | RHSA-2011:1805 | 2011-12-08 |
| Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 AS | RHSA-2011:1800 | 2011-12-08 |
| Red Hat JBoss Web Platform 5 for RHEL 4 AS | RHSA-2011:1804 | 2011-12-08 |
| JBoss Enterprise BRMS Platform 5.2 | RHSA-2012:0441 | 2012-04-02 |
| Red Hat JBoss Web Platform 5 for RHEL 5 Server | RHSA-2011:1803 | 2011-12-08 |
| Red Hat JBoss SOA Platform 5.2 | RHSA-2012:0378 | 2012-03-12 |
| Red Hat JBoss Enterprise Application Platform 5 for RHEL 5 Server | RHSA-2011:1799 | 2011-12-08 |
| Red Hat JBoss Enterprise Application Platform 5 for RHEL 6 Server | RHSA-2011:1798 | 2011-12-08 |
| Red Hat JBoss Web Platform 5 for RHEL 6 Server | RHSA-2011:1802 | 2011-12-08 |
| Red Hat JBoss Portal 5.2 | RHSA-2012:0519 | 2012-04-25 |
| Red Hat JBoss Web Platform 5.1 | RHSA-2011:1806 | 2011-12-08 |
CVE description copyright © 2017, The MITRE Corporation