CVE-2015-5176

The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource.

CVSS v2.0 5.8 MEDIUM

5.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2015-1543.html	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:redhat:jboss_portal:6.2.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2015-08-11 14:59

Updated : 2015-08-11 18:08

NVD link : CVE-2015-5176

Mitre link : CVE-2015-5176

CVE.ORG link : CVE-2015-5176

JSON object : View

Products Affected

redhat

jboss_portal

CWE

CWE-17

DEPRECATED: Code

5.8 /10