CVE-2011-4085

The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication by sending a request with a different method.  NOTE: this vulnerability exists because of a CVE-2010-0738 regression.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 55%
VendorProductVersion
redhatjboss_enterprise_application_platform
𝑥
≤ 5.1.1
redhatjboss_enterprise_application_platform
4.2.0
redhatjboss_enterprise_application_platform
4.3.0
redhatjboss_enterprise_application_platform
5.0.0
redhatjboss_enterprise_application_platform
5.0.1
redhatjboss_enterprise_application_platform
5.1.0
redhatjboss_enterprise_soa_platform
𝑥
≤ 5.1.1
redhatjboss_enterprise_soa_platform
4.2.0
redhatjboss_enterprise_soa_platform
4.2.0:cp01
redhatjboss_enterprise_soa_platform
4.2.0:cp02
redhatjboss_enterprise_soa_platform
4.2.0:cp03
redhatjboss_enterprise_soa_platform
4.2.0:cp04
redhatjboss_enterprise_soa_platform
4.2.0:cp05
redhatjboss_enterprise_soa_platform
4.2.0:tp02
redhatjboss_enterprise_soa_platform
4.3.0
redhatjboss_enterprise_soa_platform
4.3.0:cp01
redhatjboss_enterprise_soa_platform
4.3.0:cp02
redhatjboss_enterprise_soa_platform
4.3.0:cp03
redhatjboss_enterprise_soa_platform
4.3.0:cp04
redhatjboss_enterprise_soa_platform
4.3.0:cp05
redhatjboss_enterprise_soa_platform
5.0.0
redhatjboss_enterprise_soa_platform
5.0.1
redhatjboss_enterprise_soa_platform
5.0.2
redhatjboss_enterprise_soa_platform
5.1.0
redhatjboss_enterprise_brms_platform
𝑥
≤ 5.2.0
redhatjboss_enterprise_portal_platform
𝑥
≤ 4.3.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2011-1456.html
http://rhn.redhat.com/errata/RHSA-2011-1798.html
http://rhn.redhat.com/errata/RHSA-2011-1799.html
http://rhn.redhat.com/errata/RHSA-2011-1800.html
http://rhn.redhat.com/errata/RHSA-2011-1805.html
http://rhn.redhat.com/errata/RHSA-2011-1822.html
http://rhn.redhat.com/errata/RHSA-2012-0091.html
http://rhn.redhat.com/errata/RHSA-2012-1028.html
http://secunia.com/advisories/47169
http://secunia.com/advisories/47866
https://bugzilla.redhat.com/show_bug.cgi?id=750422
http://rhn.redhat.com/errata/RHSA-2011-1456.html
http://rhn.redhat.com/errata/RHSA-2011-1798.html
http://rhn.redhat.com/errata/RHSA-2011-1799.html
http://rhn.redhat.com/errata/RHSA-2011-1800.html
http://rhn.redhat.com/errata/RHSA-2011-1805.html
http://rhn.redhat.com/errata/RHSA-2011-1822.html
http://rhn.redhat.com/errata/RHSA-2012-0091.html
http://rhn.redhat.com/errata/RHSA-2012-1028.html
http://secunia.com/advisories/47169
http://secunia.com/advisories/47866
https://bugzilla.redhat.com/show_bug.cgi?id=750422