Lucene search

K

RedhatCVELIST:CVE-2011-4605

HistoryNov 23, 2012 - 8:00 p.m.

CVE-2011-4605

2012-11-2320:00:00

redhat

www.cve.org

6.4 Medium

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.7%

The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.

References

bugzilla.redhat.com/bugzilla/show_bug.cgi?id=766469

rhn.redhat.com/errata/RHSA-2012-1022.html

rhn.redhat.com/errata/RHSA-2012-1023.html

rhn.redhat.com/errata/RHSA-2012-1024.html

rhn.redhat.com/errata/RHSA-2012-1025.html

rhn.redhat.com/errata/RHSA-2012-1026.html

rhn.redhat.com/errata/RHSA-2012-1027.html

rhn.redhat.com/errata/RHSA-2012-1028.html

rhn.redhat.com/errata/RHSA-2012-1109.html

rhn.redhat.com/errata/RHSA-2012-1125.html

rhn.redhat.com/errata/RHSA-2012-1232.html

rhn.redhat.com/errata/RHSA-2012-1295.html

secunia.com/advisories/49656

secunia.com/advisories/49658

secunia.com/advisories/50084

secunia.com/advisories/50549

www.securityfocus.com/bid/54644

www.securitytracker.com/id?1027501

6.4 Medium

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.7%

Related for CVELIST:CVE-2011-4605

nessus2 seebug1 veracode2 redhat5 prion1 cve1 ubuntucve1 nvd1 securityvulns2