CVE-2011-4608 β€” Incorrect Authorization in Redhat Jboss Enterprise Application Platform

CWE-264CWE-863 β€” Incorrect Authorization5 documents5 sources
Severity
7.5HIGHNVD
EPSS
0.7%
top 26.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Jboss Enterprise Application Platform
Timeline
PublishedJan 27
Latest updateMay 17

Description

mod_cluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat Linux allows worker nodes to register with arbitrary virtual hosts, which allows remote attackers to bypass intended access restrictions and provide malicious content, hijack sessions, and steal credentials by registering from an external vhost that does not enforce security constraints.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

πŸ”΄Vulnerability Details

2
GHSA
GHSA-3vmm-p7jr-jw44: mod_cluster in JBoss Enterprise Application Platform 5β†—2022-05-17
β–Ά
CVEList
CVE-2011-4608: mod_cluster in JBoss Enterprise Application Platform 5β†—2012-01-27
β–Ά

πŸ“‹Vendor Advisories

1
Red Hat
mod_cluster: malicious worker nodes can register on any vhost↗2012-01-18
β–Ά

πŸ’¬Community

1
Bugzilla
CVE-2011-4608 mod_cluster: malicious worker nodes can register on any vhost↗2011-12-13
β–Ά
CVE-2011-4608 β€” Incorrect Authorization in Redhat | cvebase