Veracode Vulnerability Database, VERACODE:24840
History: Apr 10, 2020 - 1:06 a.m.

Arbitrary Code Execution

2020-04-10 01:06:56
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14

EPSS: 0.022

Percentile: 89.6%

httpha-invoker is vulnerable to arbitrary code execution. The invoker servlets, deployed by default via httpha-invoker, performed access control only on the HTTP GET and POST methods, allowing remote attackers to make unauthenticated requests by using different HTTP methods. Because a security interceptor provides a second layer of authentication, this issue is not exploitable on default installations unless an administrator has misconfigured the security interceptor or disabled it.
