The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allow remote attackers to bypass authentication by sending a request with a different method. NOTE: this vulnerability exists because of a CVE-2010-0738 regression.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-11-23T20:00:00

Updated: 2024-08-06T23:53:32.785Z

Reserved: 2011-10-18T00:00:00

Link: CVE-2011-4085

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2012-11-23T20:55:01.867

Modified: 2024-11-21T01:31:48.957

Link: CVE-2011-4085

cve-icon Redhat

Severity : Low

Publid Date: 2011-11-16T00:00:00Z

Links: CVE-2011-4085 - Bugzilla