// For flags

CVE-2011-4085

Invoker servlets authentication bypass (HTTP verb tampering)

Severity Score

6.8
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication by sending a request with a different method. NOTE: this vulnerability exists because of a CVE-2010-0738 regression.

Los servlets invocados por httpha-invoker en JBoss Enterprise Application Platform anterior a v5.1.2, SOA Platform anterior a v5.2.0, BRMS Platform anterior a v5.3.0, y Portal Platform anterior a v4.3 CP07 lleva a cabo el control de acceso sólo para los métodos GET y POST, lo que permite a atacantes remotos evitar la autenticación mediante el envío de una solicitud con un método diferente. NOTA: esta vulnerabilidad se debe a CVE-2010-0738

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
Attack Vector
Network
Attack Complexity
High
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2011-10-18 CVE Reserved
  • 2011-11-17 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-287: Improper Authentication
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Redhat
Search vendor "Redhat"
Jboss Enterprise Application Platform
Search vendor "Redhat" for product "Jboss Enterprise Application Platform"
<= 5.1.1
Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version " <= 5.1.1"
-
Affected
Redhat
Search vendor "Redhat"
Jboss Enterprise Application Platform
Search vendor "Redhat" for product "Jboss Enterprise Application Platform"
4.2.0
Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "4.2.0"
-
Affected
Redhat
Search vendor "Redhat"
Jboss Enterprise Application Platform
Search vendor "Redhat" for product "Jboss Enterprise Application Platform"
4.3.0
Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "4.3.0"
-
Affected
Redhat
Search vendor "Redhat"
Jboss Enterprise Application Platform
Search vendor "Redhat" for product "Jboss Enterprise Application Platform"
5.0.0
Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "5.0.0"
-
Affected
Redhat
Search vendor "Redhat"
Jboss Enterprise Application Platform
Search vendor "Redhat" for product "Jboss Enterprise Application Platform"
5.0.1
Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "5.0.1"
-
Affected
Redhat
Search vendor "Redhat"
Jboss Enterprise Application Platform
Search vendor "Redhat" for product "Jboss Enterprise Application Platform"
5.1.0
Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "5.1.0"
-
Affected
Redhat
Search vendor "Redhat"
Jboss Enterprise Soa Platform
Search vendor "Redhat" for product "Jboss Enterprise Soa Platform"
<= 5.1.1
Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" and version " <= 5.1.1"
-
Affected
Redhat
Search vendor "Redhat"
Jboss Enterprise Soa Platform
Search vendor "Redhat" for product "Jboss Enterprise Soa Platform"
4.2.0
Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" and version "4.2.0"
-
Affected
Redhat
Search vendor "Redhat"
Jboss Enterprise Soa Platform
Search vendor "Redhat" for product "Jboss Enterprise Soa Platform"
4.2.0
Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" and version "4.2.0"
cp01
Affected
Redhat
Search vendor "Redhat"
Jboss Enterprise Soa Platform
Search vendor "Redhat" for product "Jboss Enterprise Soa Platform"
4.2.0
Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" and version "4.2.0"
cp02
Affected
Redhat
Search vendor "Redhat"
Jboss Enterprise Soa Platform
Search vendor "Redhat" for product "Jboss Enterprise Soa Platform"
4.2.0
Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" and version "4.2.0"
cp03
Affected
Redhat
Search vendor "Redhat"
Jboss Enterprise Soa Platform
Search vendor "Redhat" for product "Jboss Enterprise Soa Platform"
4.2.0
Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" and version "4.2.0"
cp04
Affected
Redhat
Search vendor "Redhat"
Jboss Enterprise Soa Platform
Search vendor "Redhat" for product "Jboss Enterprise Soa Platform"
4.2.0
Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" and version "4.2.0"
cp05
Affected
Redhat
Search vendor "Redhat"
Jboss Enterprise Soa Platform
Search vendor "Redhat" for product "Jboss Enterprise Soa Platform"
4.2.0
Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" and version "4.2.0"
tp02
Affected
Redhat
Search vendor "Redhat"
Jboss Enterprise Soa Platform
Search vendor "Redhat" for product "Jboss Enterprise Soa Platform"
4.3.0
Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" and version "4.3.0"
-
Affected
Redhat
Search vendor "Redhat"
Jboss Enterprise Soa Platform
Search vendor "Redhat" for product "Jboss Enterprise Soa Platform"
4.3.0
Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" and version "4.3.0"
cp01
Affected
Redhat
Search vendor "Redhat"
Jboss Enterprise Soa Platform
Search vendor "Redhat" for product "Jboss Enterprise Soa Platform"
4.3.0
Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" and version "4.3.0"
cp02
Affected
Redhat
Search vendor "Redhat"
Jboss Enterprise Soa Platform
Search vendor "Redhat" for product "Jboss Enterprise Soa Platform"
4.3.0
Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" and version "4.3.0"
cp03
Affected
Redhat
Search vendor "Redhat"
Jboss Enterprise Soa Platform
Search vendor "Redhat" for product "Jboss Enterprise Soa Platform"
4.3.0
Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" and version "4.3.0"
cp04
Affected
Redhat
Search vendor "Redhat"
Jboss Enterprise Soa Platform
Search vendor "Redhat" for product "Jboss Enterprise Soa Platform"
4.3.0
Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" and version "4.3.0"
cp05
Affected
Redhat
Search vendor "Redhat"
Jboss Enterprise Soa Platform
Search vendor "Redhat" for product "Jboss Enterprise Soa Platform"
5.0.0
Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" and version "5.0.0"
-
Affected
Redhat
Search vendor "Redhat"
Jboss Enterprise Soa Platform
Search vendor "Redhat" for product "Jboss Enterprise Soa Platform"
5.0.1
Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" and version "5.0.1"
-
Affected
Redhat
Search vendor "Redhat"
Jboss Enterprise Soa Platform
Search vendor "Redhat" for product "Jboss Enterprise Soa Platform"
5.0.2
Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" and version "5.0.2"
-
Affected
Redhat
Search vendor "Redhat"
Jboss Enterprise Soa Platform
Search vendor "Redhat" for product "Jboss Enterprise Soa Platform"
5.1.0
Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" and version "5.1.0"
-
Affected
Redhat
Search vendor "Redhat"
Jboss Enterprise Brms Platform
Search vendor "Redhat" for product "Jboss Enterprise Brms Platform"
<= 5.2.0
Search vendor "Redhat" for product "Jboss Enterprise Brms Platform" and version " <= 5.2.0"
-
Affected
Redhat
Search vendor "Redhat"
Jboss Enterprise Portal Platform
Search vendor "Redhat" for product "Jboss Enterprise Portal Platform"
<= 4.3.0
Search vendor "Redhat" for product "Jboss Enterprise Portal Platform" and version " <= 4.3.0"
-
Affected