exploitDog

CVE-2015-5176

Опубликовано: 11 авг. 2015

Источник: nvd

CVSS2: 5.8

EPSS Низкий

Описание

The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource.

Ссылки

http://rhn.redhat.com/errata/RHSA-2015-1543.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-1543.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:redhat:jboss_portal:6.2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 47%

0.00243

Низкий

5.8 Medium

CVSS2

Дефекты

CWE-17

Связанные уязвимости

CVE-2015-5176

redhat

больше 10 лет назад

The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource.

GHSA-66rg-hrjv-v265

github

больше 3 лет назад

The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource.

EPSS

Процентиль: 47%

0.00243

Низкий

5.8 Medium

CVSS2

Дефекты

CWE-17