13 matches found
CVE-2011-4085
| creationtimestamp | type | source |
|---|---|---|
| 2025-08-05 21:02:20+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3lvom73vwep2a |
| 2026-02-02 12:25:26+00:00 | exploited | https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/657e89ab-9b5d-4cea-9802-901a5d6a8a8f... |
VulnCheck KEV: CVE-2011-4085
The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allows remote attackers to bypass authentication ...
RHEL 4 : JBoss EAP (RHSA-2011:1800)
Updated JBoss Enterprise Application Platform 5.1.2 packages that fix two security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability...
RHEL 5 : JBoss Enterprise Application Platform 5.1.2 update (Low) (RHSA-2011:1799)
The remote Red Hat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:1799 advisory. JBoss Enterprise Application Platform is a platform for Java applications, which integrates the JBoss Application Server with JBoss Hibernat...
RHEL 6 : JBoss Enterprise Application Platform 5.1.2 update (Low) (RHSA-2011:1798)
The remote Red Hat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:1798 advisory.
- Invoker servlets authentication bypass HTTP verb tampering CVE-2011-4085
- openid4java AX extension: MITM due to improper validation of AX...
CVE-2011-4085
The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allows remote attackers to bypass authentication ...
CVE-2011-4085
The CVE-2011-4085 description specifies an authentication bypass vulnerability in JBoss platforms where the servlets invoked by httpha-invoker (in JBoss EAP before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07) enforce access control only for GE...
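JBoss Enterprise SOA Platform Invoker Authentication Bypass Vulnerability
BUGTRAQ ID: 50720 CVE ID: CVE-2011-4085 JBoss Enterprise Application Platform (EAP) is a middleware platform for J2EE applications. JBoss Enterprise Application Platform has a security vulnerability in its implementation of the invoker; an attacker can exploit this vulnerability to bypass the authentication mechanism and gain unauthorized access to the affected application. RedHat JBoss EAP 5.x Vendor patch: RedHat ------ The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.jboss.org/...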
Low: Red Hat Security Advisory: JBoss Enterprise Application Platform 5.1.2 update
JBoss Enterprise Application Platform 5.1.2, which fixes two security issues, various bugs, and adds several enhancements is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System...
Low: Red Hat Security Advisory: JBoss Enterprise Application Platform 5.1.2 update
Updated JBoss Enterprise Application Platform 5.1.2 packages that fix two security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability...
Low: Red Hat Security Advisory: JBoss Enterprise Application Platform 5.1.2 update
Updated JBoss Enterprise Application Platform 5.1.2 packages that fix two security issues, various bugs, and add several enhancements are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability...
Red Hat Security Advisory 2011-1798-01
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Low: JBoss Enterprise Application Platform 5.1.2 update Advisory ID: RHSA-2011:1798-01 Product: JBoss Enterprise Application Platform Advisory UR...
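JBoss Enterprise SOA Platform Servlet Invoker Authentication Bypass Vulnerability
Bugtraq ID: 50720 CVE ID: CVE-2011-4085 JBoss Enterprise SOA Platform is an enterprise-grade service-oriented architecture platform. The servlet invokers deployed through httpha-invoker perform access control only for the HTTP GET and POST methods, allowing remote attackers to make unauthenticated requests using other HTTP methods. Because the security interceptor provides a second layer of authentication, this issue cannot be exploited on a default installation unless the administrator has misconfigured the security interceptor or disabled it. JBoss Enterprise SOA Platform 5.2.0 Vendor solution JBoss Enterprise SOA Platform...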