CVE-2015-5176

Severity: 5.8 MEDIUM
EPSS: 0.2% (top 52.45%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 11
Latest update: May 17

Description

The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource.

CVSS vector

AV:N/AC:M/C:P/I:P/A:N
Exploitability: 8.6 | Impact: 4.9

Affected Packages (1 package)

🔴 Vulnerability Details (2)

GHSA
GHSA-66rg-hrjv-v265: The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6 (2022-05-17)
CVEList
CVE-2015-5176: The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6 (2015-08-11)

📋 Vendor Advisories (1)

Red Hat
PortletBridge: information disclosure via auto-dispatching of non-JSF resources (2015-08-04)

💬 Community (1)

Bugzilla
CVE-2015-5176 PortletBridge: information disclosure via auto-dispatching of non-JSF resources (2015-07-20)