CVE-2015-3244
Summary
| CVE | CVE-2015-3244 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-07-16 11:00:00 UTC |
| Updated | 2016-11-28 19:23:00 UTC |
| Description | The Portlet Bridge for JavaServer Faces in Red Hat JBoss Portal 6.2.0, when used in portlets with the default resource serving for GenericPortlet, does not properly restrict access to restricted resources, which allows remote attackers to obtain sensitive information via a URL with a modified resource ID. |
Risk And Classification
Problem Types: CWE-264
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Redhat | Jboss Enterprise Portal Platform | 6.2.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | Vendor Advisory |
| Oracle Critical Patch Update - July 2015 | CONFIRM | www.oracle.com | |
| 1232908 – (CVE-2015-3244) CVE-2015-3244 JSF: Information disclosure due to missing access restriction in portlet resource dispatching | CONFIRM | bugzilla.redhat.com | Vendor Advisory |
| Portlet Bridge for JavaServer Faces CVE-2015-3244 Information Disclosure Vulnerability | BID | www.securityfocus.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.