CVE-2011-4085
Invoker servlets authentication bypass (HTTP verb tampering)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication by sending a request with a different method. NOTE: this vulnerability exists because of a CVE-2010-0738 regression.
Los servlets invocados por httpha-invoker en JBoss Enterprise Application Platform anterior a v5.1.2, SOA Platform anterior a v5.2.0, BRMS Platform anterior a v5.3.0, y Portal Platform anterior a v4.3 CP07 lleva a cabo el control de acceso sólo para los métodos GET y POST, lo que permite a atacantes remotos evitar la autenticación mediante el envío de una solicitud con un método diferente. NOTA: esta vulnerabilidad se debe a CVE-2010-0738
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-10-18 CVE Reserved
- 2011-11-17 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-287: Improper Authentication
CAPEC
References (12)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://rhn.redhat.com/errata/RHSA-2011-1456.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2011-1798.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2011-1799.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2011-1800.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2011-1805.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2011-1822.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2012-0091.html | 2023-11-07 | |
http://rhn.redhat.com/errata/RHSA-2012-1028.html | 2023-11-07 | |
http://secunia.com/advisories/47169 | 2023-11-07 | |
http://secunia.com/advisories/47866 | 2023-11-07 | |
https://bugzilla.redhat.com/show_bug.cgi?id=750422 | 2012-06-22 | |
https://access.redhat.com/security/cve/CVE-2011-4085 | 2012-06-22 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Redhat Search vendor "Redhat" | Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform" | <= 5.1.1 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version " <= 5.1.1" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform" | 4.2.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "4.2.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform" | 4.3.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "4.3.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform" | 5.0.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "5.0.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform" | 5.0.1 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "5.0.1" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform" | 5.1.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "5.1.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Jboss Enterprise Soa Platform Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" | <= 5.1.1 Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" and version " <= 5.1.1" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Jboss Enterprise Soa Platform Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" | 4.2.0 Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" and version "4.2.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Jboss Enterprise Soa Platform Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" | 4.2.0 Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" and version "4.2.0" | cp01 |
Affected
| ||||||
Redhat Search vendor "Redhat" | Jboss Enterprise Soa Platform Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" | 4.2.0 Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" and version "4.2.0" | cp02 |
Affected
| ||||||
Redhat Search vendor "Redhat" | Jboss Enterprise Soa Platform Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" | 4.2.0 Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" and version "4.2.0" | cp03 |
Affected
| ||||||
Redhat Search vendor "Redhat" | Jboss Enterprise Soa Platform Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" | 4.2.0 Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" and version "4.2.0" | cp04 |
Affected
| ||||||
Redhat Search vendor "Redhat" | Jboss Enterprise Soa Platform Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" | 4.2.0 Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" and version "4.2.0" | cp05 |
Affected
| ||||||
Redhat Search vendor "Redhat" | Jboss Enterprise Soa Platform Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" | 4.2.0 Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" and version "4.2.0" | tp02 |
Affected
| ||||||
Redhat Search vendor "Redhat" | Jboss Enterprise Soa Platform Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" | 4.3.0 Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" and version "4.3.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Jboss Enterprise Soa Platform Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" | 4.3.0 Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" and version "4.3.0" | cp01 |
Affected
| ||||||
Redhat Search vendor "Redhat" | Jboss Enterprise Soa Platform Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" | 4.3.0 Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" and version "4.3.0" | cp02 |
Affected
| ||||||
Redhat Search vendor "Redhat" | Jboss Enterprise Soa Platform Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" | 4.3.0 Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" and version "4.3.0" | cp03 |
Affected
| ||||||
Redhat Search vendor "Redhat" | Jboss Enterprise Soa Platform Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" | 4.3.0 Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" and version "4.3.0" | cp04 |
Affected
| ||||||
Redhat Search vendor "Redhat" | Jboss Enterprise Soa Platform Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" | 4.3.0 Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" and version "4.3.0" | cp05 |
Affected
| ||||||
Redhat Search vendor "Redhat" | Jboss Enterprise Soa Platform Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" | 5.0.0 Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" and version "5.0.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Jboss Enterprise Soa Platform Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" | 5.0.1 Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" and version "5.0.1" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Jboss Enterprise Soa Platform Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" | 5.0.2 Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" and version "5.0.2" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Jboss Enterprise Soa Platform Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" | 5.1.0 Search vendor "Redhat" for product "Jboss Enterprise Soa Platform" and version "5.1.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Jboss Enterprise Brms Platform Search vendor "Redhat" for product "Jboss Enterprise Brms Platform" | <= 5.2.0 Search vendor "Redhat" for product "Jboss Enterprise Brms Platform" and version " <= 5.2.0" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Jboss Enterprise Portal Platform Search vendor "Redhat" for product "Jboss Enterprise Portal Platform" | <= 4.3.0 Search vendor "Redhat" for product "Jboss Enterprise Portal Platform" and version " <= 4.3.0" | - |
Affected
|