Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2011-4085
HistoryNov 23, 2012 - 8:55 p.m.

CVE-2011-4085

2012-11-2320:55:01
CWE-287
[email protected]
web.nvd.nist.gov
29
cve-2011-4085
servlets
httpha-invoker
jboss
eap
soa
brms
portal
access control
authentication bypass
remote code execution
regression vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

9.3 High

AI Score

Confidence

High

0.968 High

EPSS

Percentile

99.7%

JSON

The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication by sending a request with a different method. NOTE: this vulnerability exists because of a CVE-2010-0738 regression.

Affected configurations

NVD
Node
redhatjboss_enterprise_application_platformRange5.1.1
OR
redhatjboss_enterprise_application_platformMatch4.2.0
OR
redhatjboss_enterprise_application_platformMatch4.3.0
OR
redhatjboss_enterprise_application_platformMatch5.0.0
OR
redhatjboss_enterprise_application_platformMatch5.0.1
OR
redhatjboss_enterprise_application_platformMatch5.1.0
Node
redhatjboss_enterprise_soa_platformRange5.1.1
OR
redhatjboss_enterprise_soa_platformMatch4.2.0
OR
redhatjboss_enterprise_soa_platformMatch4.2.0cp01
OR
redhatjboss_enterprise_soa_platformMatch4.2.0cp02
OR
redhatjboss_enterprise_soa_platformMatch4.2.0cp03
OR
redhatjboss_enterprise_soa_platformMatch4.2.0cp04
OR
redhatjboss_enterprise_soa_platformMatch4.2.0cp05
OR
redhatjboss_enterprise_soa_platformMatch4.2.0tp02
OR
redhatjboss_enterprise_soa_platformMatch4.3.0
OR
redhatjboss_enterprise_soa_platformMatch4.3.0cp01
OR
redhatjboss_enterprise_soa_platformMatch4.3.0cp02
OR
redhatjboss_enterprise_soa_platformMatch4.3.0cp03
OR
redhatjboss_enterprise_soa_platformMatch4.3.0cp04
OR
redhatjboss_enterprise_soa_platformMatch4.3.0cp05
OR
redhatjboss_enterprise_soa_platformMatch5.0.0
OR
redhatjboss_enterprise_soa_platformMatch5.0.1
OR
redhatjboss_enterprise_soa_platformMatch5.0.2
OR
redhatjboss_enterprise_soa_platformMatch5.1.0
Node
redhatjboss_enterprise_brms_platformRange5.2.0
OR
redhatjboss_enterprise_portal_platformRange4.3.0

Related

prion 3
cvelist 3
nvd 3
seebug 6
veracode 2
nessus 11
redhat 6
packetstorm 4
attackerkb 2
saint 4
cisa_kev 1
securityvulns 6
cve 2
canvas 1
threatpost 2
metasploit 1
checkpoint_advisories 1
exploitdb 4
exploitpack 1
nmap 1
openvas 1
kitploit 2
prion
prion
Authentication flaw
2012-11-23 20:55:00
Input validation
2010-04-28 22:30:00
Design/Logic Flaw
2013-09-16 13:01:00
cvelist
cvelist
CVE-2011-4085
2012-11-23 20:00:00
CVE-2010-0738
2010-04-28 22:00:00
CVE-2013-4810
2013-09-13 18:00:00
nvd
nvd
CVE-2011-4085
2012-11-23 20:55:01
CVE-2010-0738
2010-04-28 22:30:00
CVE-2013-4810
2013-09-16 13:01:46
seebug
seebug
JBoss Enterprise SOA Platform调用程序身份验证绕过漏洞
2011-12-13 00:00:00
JBoss Enterprise SOA平台Servlet调用器验证绕过漏洞
2011-11-18 00:00:00
JBoss addURL Misconfiguration Attack
2011-10-05 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 01:06:56
Information Disclosure
2020-04-10 00:42:53
nessus
nessus
RHEL 6 : JBoss Enterprise Application Platform 5.1.2 update (Low) (RHSA-2011:1798)
2013-01-24 00:00:00
RHEL 4 : JBoss EAP (RHSA-2011:1800)
2013-01-24 00:00:00
RHEL 5 : JBoss Enterprise Application Platform 5.1.2 update (Low) (RHSA-2011:1799)
2013-01-24 00:00:00
redhat
redhat
(RHSA-2011:1798) Low: JBoss Enterprise Application Platform 5.1.2 update
2011-12-08 00:00:00
(RHSA-2011:1456) Moderate: JBoss Enterprise SOA Platform 5.2.0 update
2011-11-16 00:00:00
(RHSA-2011:1805) Low: JBoss Enterprise Application Platform 5.1.2 update
2011-12-08 20:05:35
packetstorm
packetstorm
Red Hat Security Advisory 2011-1798-01
2011-12-08 00:00:00
JBoss addURL Misconfiguration Attack
2011-10-03 00:00:00
JBoss JMX Console Beanshell Deployer WAR Upload And Deployment
2010-06-24 00:00:00
attackerkb
attackerkb
CVE-2010-0738
2010-04-28 00:00:00
CVE-2013-4810
2013-09-16 00:00:00
saint
saint
RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass
2010-06-07 00:00:00
RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass
2010-06-07 00:00:00
RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass
2010-06-07 00:00:00
cisa_kev
cisa_kev
Red Hat JBoss Authentication Bypass Vulnerability
2022-05-25 00:00:00
securityvulns
securityvulns
[security bulletin] HPSBMU02714 SSRT100244 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information
2011-10-31 00:00:00
[security bulletin] HPSBMU02714 SSRT100244 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information
2011-11-21 00:00:00
HP Network Node Manager i multiple security vulnerabilities
2011-11-27 00:00:00
cve
cve
CVE-2010-0738
2010-04-28 22:30:00
CVE-2013-4810
2013-09-16 13:01:46
canvas
canvas
Immunity Canvas: JBOSS_JMXCONSOLE_DEPLOYER
2010-04-28 22:30:00
threatpost
threatpost
JBoss Worm Exploiting Old Bug to Infect Unpatched Servers
2011-10-21 11:50:17
3.2 Million Servers Vulnerable to JBoss Attack
2016-04-18 14:11:34
metasploit
metasploit
JBoss JMX Console Deployer Upload and Execute
2012-07-10 17:33:28
checkpoint_advisories
checkpoint_advisories
RedHat JBoss Enterprise JMX Console Authentication Bypass (CVE-2010-0738)
2010-06-29 00:00:00
exploitdb
exploitdb
JBoss JMX - Console Beanshell Deployer WAR Upload and Deployment (Metasploit)
2011-01-10 00:00:00
JBoss & JMX Console - Misconfigured Deployment Scanner
2011-10-03 00:00:00
JBoss JMX - Console Deployer Upload and Execute (Metasploit)
2010-10-19 00:00:00
exploitpack
exploitpack
Hewlett-Packard (HP) UCMDB - JMX-Console Authentication Bypass
2015-02-03 00:00:00
nmap
nmap
http-vuln-cve2010-0738 NSE Script
2012-09-07 23:42:39
openvas
openvas
Red Hat JBoss Products Multiple Vulnerabilities (jmx-console) - Active Check
2010-04-28 00:00:00
kitploit
kitploit
clusterd - Application Server Attack Toolkit
2017-09-25 21:04:00
Vulmap - Web Vulnerability Scanning And Verification Tools
2020-12-25 11:30:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

9.3 High

AI Score

Confidence

High

0.968 High

EPSS

Percentile

99.7%

JSON
Related for CVE-2011-4085
prion3cvelist3nvd3seebug6veracode2nessus11redhat6packetstorm4attackerkb2saint4cisa_kev1securityvulns6cve2canvas1threatpost2metasploit1checkpoint_advisories1exploitdb4exploitpack1nmap1openvas1kitploit2