CVE-2011-4605
First published: Fri Nov 23 2012(Updated: )
The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Jboss Enterprise Application Platform | =4.3.0-cp10 | |
| Redhat Jboss Enterprise Application Platform | =5.1.2 | |
| Redhat Jboss Enterprise Web Platform | =5.1.2 | |
| Redhat Jboss Enterprise Portal Platform | =5.2.1 | |
| Redhat Jboss Enterprise Portal Platform | =4.3.0-cp07 | |
| Redhat Jboss Enterprise Brms Platform | <=5.2.0 | |
| Redhat Jboss Enterprise Soa Platform | =4.2.0-cp05 | |
| Redhat Jboss Enterprise Portal Platform | =5.2.0 | |
| Redhat Jboss Enterprise Soa Platform | =4.3.0-cp05 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/49658
- http://rhn.redhat.com/errata/RHSA-2012-1028.html
- http://rhn.redhat.com/errata/RHSA-2012-1025.html
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=766469
- http://rhn.redhat.com/errata/RHSA-2012-1022.html
- http://rhn.redhat.com/errata/RHSA-2012-1023.html
- http://secunia.com/advisories/49656
- http://secunia.com/advisories/50549
- http://rhn.redhat.com/errata/RHSA-2012-1027.html
- http://secunia.com/advisories/50084
- http://rhn.redhat.com/errata/RHSA-2012-1125.html
- http://rhn.redhat.com/errata/RHSA-2012-1295.html
- http://rhn.redhat.com/errata/RHSA-2012-1024.html
- http://rhn.redhat.com/errata/RHSA-2012-1232.html
- http://rhn.redhat.com/errata/RHSA-2012-1109.html
- http://www.securitytracker.com/id?1027501
- http://rhn.redhat.com/errata/RHSA-2012-1026.html
- http://www.securityfocus.com/bid/54644
- collector/nvd-historical
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/type
- agent/event
- agent/author
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/redhat
- canonical/redhat jboss enterprise application platform
- version/redhat jboss enterprise application platform/4.3.0-cp10
- version/redhat jboss enterprise application platform/5.1.2
- canonical/redhat jboss enterprise web platform
- version/redhat jboss enterprise web platform/5.1.2
- canonical/redhat jboss enterprise portal platform
- version/redhat jboss enterprise portal platform/5.2.1
- version/redhat jboss enterprise portal platform/4.3.0-cp07
- canonical/redhat jboss enterprise brms platform
- version/redhat jboss enterprise brms platform/5.2.0
- canonical/redhat jboss enterprise soa platform
- version/redhat jboss enterprise soa platform/4.2.0-cp05
- version/redhat jboss enterprise portal platform/5.2.0
- version/redhat jboss enterprise soa platform/4.3.0-cp05