CVE-2015-5176
First published: Tue Aug 11 2015(Updated: )
The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat JBoss Portal | =6.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-5176?
CVE-2015-5176 has a medium severity rating due to its potential to allow unauthorized access to resources.
How do I fix CVE-2015-5176?
To mitigate CVE-2015-5176, update to a patched version of Red Hat JBoss Portal that addresses this vulnerability.
What type of vulnerability is CVE-2015-5176?
CVE-2015-5176 is a security vulnerability related to improper enforcement of servlet security constraints.
Who is affected by CVE-2015-5176?
CVE-2015-5176 affects users of Red Hat JBoss Portal version 6.2.0.
What impact does CVE-2015-5176 have on applications?
CVE-2015-5176 could allow remote attackers to access sensitive resources that should be protected.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/redhat
- canonical/red hat jboss portal
- version/red hat jboss portal/6.2.0