CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2011-4085

The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication by sending a request with a different method. NOTE: this vulnerability exists because of a CVE-2010-0738 regression.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 55.9%

CVSS Severity

CVSS v2 Score 6.8

References

Products affected by CVE-2011-4085

Redhat » Jboss Enterprise Application Platform » Version: N/A

cpe:2.3:a:redhat:jboss_enterprise_application_platform:-
Redhat » Jboss Enterprise Application Platform » Version: 4.0.0

cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.0.0
Redhat » Jboss Enterprise Application Platform » Version: 4.2.0

cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0
Redhat » Jboss Enterprise Application Platform » Version: 4.3.0

cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0
Redhat » Jboss Enterprise Application Platform » Version: 5.0.0

cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.0
Redhat » Jboss Enterprise Application Platform » Version: 5.0.1

cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.1
Redhat » Jboss Enterprise Application Platform » Version: 5.0.3

cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.3
Redhat » Jboss Enterprise Application Platform » Version: 5.1.0

cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.0
Redhat » Jboss Enterprise Application Platform » Version: 5.1.1

cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.1
Redhat » Jboss Enterprise Brms Platform » Version: 5.0.0

cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.0.0
Redhat » Jboss Enterprise Brms Platform » Version: 5.0.1

cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.0.1
Redhat » Jboss Enterprise Brms Platform » Version: 5.0.2

cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.0.2
Redhat » Jboss Enterprise Brms Platform » Version: 5.1.0

cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.1.0
Redhat » Jboss Enterprise Brms Platform » Version: 5.2.0

cpe:2.3:a:redhat:jboss_enterprise_brms_platform:5.2.0
Redhat » Jboss Enterprise Portal Platform » Version: 4.3.0

cpe:2.3:a:redhat:jboss_enterprise_portal_platform:4.3.0
Redhat » Jboss Enterprise Soa Platform » Version: 4.2.0

cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0
Redhat » Jboss Enterprise Soa Platform » Version: 4.3.0

cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0
Redhat » Jboss Enterprise Soa Platform » Version: 5.0.0

cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.0.0
Redhat » Jboss Enterprise Soa Platform » Version: 5.0.1

cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.0.1
Redhat » Jboss Enterprise Soa Platform » Version: 5.0.2

cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.0.2
Redhat » Jboss Enterprise Soa Platform » Version: 5.1.0

cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.1.0
Redhat » Jboss Enterprise Soa Platform » Version: 5.1.1

cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.1.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2011-4085

Products

Pricing

Contact Us