Detections
Analytics

CVE-2011-4605

high

Description

The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x before 5.2.2, and BRMS Platform before 5.3.0 do not properly restrict write access, which allows remote attackers to add, delete, or modify items in a JNDI tree via unspecified vectors.

References

http://www.securitytracker.com/id?1027501

http://www.securityfocus.com/bid/54644

http://secunia.com/advisories/50549

http://secunia.com/advisories/50084

http://secunia.com/advisories/49658

http://secunia.com/advisories/49656

http://rhn.redhat.com/errata/RHSA-2012-1295.html

http://rhn.redhat.com/errata/RHSA-2012-1232.html

http://rhn.redhat.com/errata/RHSA-2012-1125.html

http://rhn.redhat.com/errata/RHSA-2012-1109.html

http://rhn.redhat.com/errata/RHSA-2012-1028.html

http://rhn.redhat.com/errata/RHSA-2012-1027.html

http://rhn.redhat.com/errata/RHSA-2012-1026.html

http://rhn.redhat.com/errata/RHSA-2012-1025.html

http://rhn.redhat.com/errata/RHSA-2012-1024.html

http://rhn.redhat.com/errata/RHSA-2012-1023.html

http://rhn.redhat.com/errata/RHSA-2012-1022.html

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=766469

Details

Source: Mitre, NVD

Published: 2012-11-23

Updated: 2023-02-13

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Severity: High