CVE-2011-4605

Published: 20 Jun 2012
Source: redhat
CVSS2: 7.5

Description

The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat JBoss BRMS 5 | Security | Affected | | |
| JBEWP 5 for RHEL 5 | jbossas-web | Fixed | RHSA-2012:1027 | 20.06.2012 |
| JBEWP 5 for RHEL 5 | jboss-naming | Fixed | RHSA-2012:1027 | 20.06.2012 |
| JBEWP 5 for RHEL 6 | jbossas-web | Fixed | RHSA-2012:1027 | 20.06.2012 |
| JBEWP 5 for RHEL 6 | jboss-naming | Fixed | RHSA-2012:1027 | 20.06.2012 |
| JBoss Enterprise BRMS Platform 5.3 | | Fixed | RHSA-2012:1028 | 22.06.2012 |
| Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4 | jbossas | Fixed | RHSA-2012:1025 | 20.06.2012 |
| Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5 | jbossas | Fixed | RHSA-2012:1025 | 20.06.2012 |
| Red Hat JBoss Enterprise Application Platform 5.1 | | Fixed | RHSA-2012:1022 | 20.06.2012 |
| Red Hat JBoss Enterprise Application Platform 5 for RHEL 4 | jbossas | Fixed | RHSA-2012:1026 | 20.06.2012 |

Additional information

Status: Important
Defect: CWE-306
https://bugzilla.redhat.com/show_bug.cgi?id=766469 JNDI: unauthenticated remote write access is permitted by default

7.5 High

CVSS2

Related vulnerabilities

ubuntu
about 13 years ago

The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.

nvd
about 13 years ago

The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.

debian
about 13 years ago

The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invok ...

github
more than 3 years ago

The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.

7.5 High

CVSS2