CVE-2011-4605 in Jboss Enterprise Webinfo

Summary

The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

11/29/2011

Disclosure

11/23/2012

Moderation

VulDB entry created

Entries

CPE

ready

CWE

CWE-264

Exploit

Download

CVSS

7.3

EPSS

0.02416

CTI

0.00

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-4605
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-4605
CVE Details	https://www.cvedetails.com/cve/CVE-2011-4605/

◂ Previous Overview Next ▸

Do you know our Splunk app?

Download it now for free!