The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2015-08-11T14:00:00
Updated: 2024-08-06T06:41:07.566Z
Reserved: 2015-07-01T00:00:00
Link: CVE-2015-5176
Vulnrichment
No data.
NVD
Status : Modified
Published: 2015-08-11T14:59:11.557
Modified: 2024-11-21T02:32:30.350
Link: CVE-2015-5176
Redhat