CVE-2011-4605
Summary
| CVE | CVE-2011-4605 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2012-11-23 20:55:00 UTC |
| Updated | 2023-02-13 00:22:00 UTC |
| Description | The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors. |
Risk And Classification
Problem Types: CWE-264
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Hat Customer Portal | MISC | access.redhat.com | |
| Security Advisory SA49658 - Red Hat update for JBoss Enterprise Products - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| RHSA-2012:1125 | REDHAT | rhn.redhat.com | |
| Security Advisory SA49656 - Red Hat update for JBoss Enterprise Products - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| Red Hat Customer Portal - Access to 24x7 support and knowledge | MISC | access.redhat.com | |
| 766469 – (CVE-2011-4605) CVE-2011-4605 JNDI: unauthenticated remote write access is permitted by default | MISC | bugzilla.redhat.com | |
| JBoss 'ignoreBaseDecision' Property May Let Remote Authenticated Users Bypass Access Controls - SecurityTracker | SECTRACK | www.securitytracker.com | |
| Security Advisory SA50084 - Red Hat update for JBoss Enterprise SOA Platform - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| JBoss Enterprise Application Platform CVE-2011-4605 Security Bypass Vulnerability | BID | www.securityfocus.com | |
| RHSA-2012:1023 | REDHAT | rhn.redhat.com | |
| CVE-2011-4605 - Red Hat Customer Portal | MISC | access.redhat.com | |
| RHSA-2012:1295 | REDHAT | rhn.redhat.com | |
| RHSA-2012:1028 | REDHAT | rhn.redhat.com | |
| Security Advisory SA50549 - Red Hat update for JBoss Enterprise Portal Platform - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.