Aug 11, 2015 - 2:59 p.m.

CVE-2015-5176

2015-08-11 14:59:11
CWE-17
web.nvd.nist.gov
cve-2015-5176
portletrequestdispatcher
portletbridge
red hat jboss portal 6.2.0
security constraints
remote attackers
servlets
nvd

CVSS2: 5.8 Medium

Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score: 7.1 High (Confidence: Low)

EPSS: 0.002 Low (Percentile: 56.5%)

The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource.

Affected configurations

NVD
Node: redhat jboss_portal, Match 6.2.0
