CVE-2011-4605
First published: Fri Nov 23 2012(Updated: )
The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat jboss enterprise application platform | =4.3.0-cp10 | |
| redhat jboss enterprise application platform | =5.1.2 | |
| Red Hat JBoss Enterprise BRMS Platform | <=5.2.0 | |
| Red Hat JBoss Portal | =4.3.0-cp07 | |
| Red Hat JBoss Portal | =5.2.0 | |
| Red Hat JBoss Portal | =5.2.1 | |
| Red Hat JBoss Enterprise SOA Platform | =4.2.0-cp05 | |
| Red Hat JBoss Enterprise SOA Platform | =4.3.0-cp05 | |
| Red Hat JBoss Enterprise Web Platform | =5.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/49658
- http://rhn.redhat.com/errata/RHSA-2012-1028.html
- http://rhn.redhat.com/errata/RHSA-2012-1025.html
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=766469
- http://rhn.redhat.com/errata/RHSA-2012-1022.html
- http://rhn.redhat.com/errata/RHSA-2012-1023.html
- http://secunia.com/advisories/49656
- http://secunia.com/advisories/50549
- http://rhn.redhat.com/errata/RHSA-2012-1027.html
- http://secunia.com/advisories/50084
- http://rhn.redhat.com/errata/RHSA-2012-1125.html
- http://rhn.redhat.com/errata/RHSA-2012-1295.html
- http://rhn.redhat.com/errata/RHSA-2012-1024.html
- http://rhn.redhat.com/errata/RHSA-2012-1232.html
- http://rhn.redhat.com/errata/RHSA-2012-1109.html
- http://www.securitytracker.com/id?1027501
- http://rhn.redhat.com/errata/RHSA-2012-1026.html
- http://www.securityfocus.com/bid/54644
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/redhat
- canonical/redhat jboss enterprise application platform
- version/redhat jboss enterprise application platform/4.3.0-cp10
- version/redhat jboss enterprise application platform/5.1.2
- canonical/red hat jboss enterprise brms platform
- version/red hat jboss enterprise brms platform/5.2.0
- canonical/red hat jboss portal
- version/red hat jboss portal/4.3.0-cp07
- version/red hat jboss portal/5.2.0
- version/red hat jboss portal/5.2.1
- canonical/red hat jboss enterprise soa platform
- version/red hat jboss enterprise soa platform/4.2.0-cp05
- version/red hat jboss enterprise soa platform/4.3.0-cp05
- canonical/red hat jboss enterprise web platform
- version/red hat jboss enterprise web platform/5.1.2