CVE-2011-4608
Date: (C)2012-01-27   (M)2023-12-22


mod_cluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat Linux allows worker nodes to register with arbitrary virtual hosts, which allows remote attackers to bypass intended access restrictions and provide malicious content, hijack sessions, and steal credentials by registering from an external vhost that does not enforce security constraints.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECTRACK-1026545
BID-51554
RHSA-2012:0035
RHSA-2012:0036
RHSA-2012:0037
RHSA-2012:0038
RHSA-2012:0039
RHSA-2012:0040
https://bugzilla.redhat.com/show_bug.cgi?id=767020
jboss-modcluster-security-bypass(72460)

CWE:
CWE-264

© SecPod Technologies