Rapid7 Vulnerability & Exploit Database

Red Hat JBoss: CVE-2011-4314: Remote attacker could modify sensitive AX information without detection via a man-in-the-middle


Severity: 6
CVSS: (AV:N/AC:M/Au:N/C:N/I:P/A:P)
Published: 01/27/2012
Created: 07/25/2018
Added: 08/01/2017
Modified: 08/01/2017

Description

message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used in JBoss Enterprise Application Platform 5.1 before 5.1.2, Step2, Kay Framework before 1.0.2, and possibly other products, does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without detection via a man-in-the-middle (MITM) attack.
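To make the gap concrete, the following is an added example (not code from OpenID4Java, JBoss or this page) of the check a relying party needs on an OpenID 2.0 positive assertion: every AX field must appear in `openid.signed`, otherwise it can be altered in transit even when `openid.sig` itself verifies. The sample assertions and the `openid.sig` placeholder are constructed, and signature verification over `openid.signed` is assumed to happen elsewhere.

```python
from urllib.parse import parse_qsl

AX_NS = "http://openid.net/srv/ax/1.0"


def parse_response(query: str) -> dict:
    """Parse an OpenID 2.0 positive assertion (query-string form) into a dict."""
    return dict(parse_qsl(query, keep_blank_values=True))


def ax_aliases(params: dict) -> list:
    """Extension aliases bound to the AX namespace via openid.ns.<alias>."""
    return [k[len("openid.ns."):] for k, v in params.items()
            if k.startswith("openid.ns.") and v == AX_NS]


def unsigned_ax_fields(params: dict) -> list:
    """Every AX-related field (ns.<alias> and <alias>.*) missing from openid.signed.
    Anything returned here is modifiable by a MITM even when openid.sig verifies,
    which is exactly what the unpatched AxMessage failed to check."""
    signed = set(params.get("openid.signed", "").split(","))
    missing = []
    for alias in ax_aliases(params):
        candidates = [f"ns.{alias}"] + [k[len("openid."):] for k in params
                                        if k.startswith(f"openid.{alias}.")]
        missing.extend(f for f in candidates if f not in signed)
    return sorted(missing)


def fetch_ax_values(params: dict) -> dict:
    """Return {attribute_alias: value} from a fetch_response, but only once all AX
    fields are covered by the signature. Assumes the caller already verified
    openid.sig over openid.signed with the association key."""
    missing = unsigned_ax_fields(params)
    if missing:
        raise ValueError(f"AX fields not covered by openid.signed: {missing}")
    values = {}
    for alias in ax_aliases(params):
        prefix = f"openid.{alias}.value."
        for k, v in params.items():
            if k.startswith(prefix):
                values[k[len(prefix):]] = v
    return values


# Constructed sample assertions (not captured traffic); openid.sig is a placeholder.
BASE = ("openid.ns=http://specs.openid.net/auth/2.0&openid.mode=id_res"
        "&openid.claimed_id=https://op.example/alice&openid.identity=https://op.example/alice"
        "&openid.ns.ext1=" + AX_NS + "&openid.ext1.mode=fetch_response"
        "&openid.ext1.type.email=http://axschema.org/contact/email"
        "&openid.ext1.value.email=alice@example.org&openid.sig=PLACEHOLDER")
CORE_SIGNED = "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle"
UNSIGNED_AX = BASE + "&openid.signed=" + CORE_SIGNED          # AX fields left out of the signature
SIGNED_AX = UNSIGNED_AX + ",ns.ext1,ext1.mode,ext1.type.email,ext1.value.email"
```

Running `fetch_ax_values` on the first sample raises, on the second it returns the e-mail attribute; a relying party should treat the first case as a failed assertion, not as a response with fewer attributes.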

Solution(s)

  • jboss_enterprise_application_platform-cve-2011-4314-1
