Rapid7 Vulnerability & Exploit Database

Red Hat JBoss: CVE-2011-4085: A remote attacker could bypass authentication by sending a request with a different method

Back to Search

Red Hat JBoss: CVE-2011-4085: A remote attacker could bypass authentication by sending a request with a different method

Severity
7
CVSS
(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Published
11/23/2012
Created
07/25/2018
Added
08/01/2017
Modified
08/01/2017

Description

The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication by sending a request with a different method. NOTE: this vulnerability exists because of a CVE-2010-0738 regression.

Solution(s)

  • jboss_enterprise_application_platform-cve-2011-4085-1

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;