CVE-2013-0314
Summary
| CVE | CVE-2013-0314 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-04-12 22:55:00 UTC |
| Updated | 2013-04-15 04:00:00 UTC |
| Description | The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote attackers to modify site contents, remove the site, or alter the access controls for portlets. |
Risk And Classification
Problem Types: CWE-287
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Red Hat | JBoss Enterprise Portal Platform | 5.2.2 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Security Advisory SA52552 - Red Hat update for JBoss Enterprise Portal Platform - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| 913327 – (CVE-2013-0314) CVE-2013-0314 GateIn Portal: remote unauthenticated site import | MISC | bugzilla.redhat.com | |
| 91120 | OSVDB | www.osvdb.org | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.