8 matches found
Red Hat JBoss Portal PortletBridge PortletRequestDispatcher Code Injection Vulnerability
Red Hat JBoss Portal is an open source, standards-compliant portal platform from the US company Red Hat. It can build and lay out a portal web interface for publishing and managing content and customizing the user experience. PortletBridge is a JSR-301 and JSR 329 draft...
Design/Logic Flaw
The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource...
CVE-2015-5176
The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource...
CVE-2015-5176
CVE-2015-5176 concerns Red Hat JBoss Portal 6.2.0: the PortletBridge PortletRequestDispatcher fails to enforce servlet security constraints, allowing a remote attacker to access resources by requesting rendering of a non-JSF resource. Root cause: improper enforcement of servlet constraints in Por...
PortletBridge: information disclosure via auto-dispatching of non-JSF resources
It was found that PortletBridge PortletRequestDispatcher did not respect security constraints set by the servlet if a portlet request asked for rendering of a non-JSF resource such as JSP or HTML. A remote attacker could use this flaw to potentially bypass certain security constraints and gain...
Moderate: Red Hat Security Advisory: Red Hat JBoss Portal 6.2.0 security update
An update for the PortletBridge component of Red Hat JBoss Portal 6.2.0 that fixes one security issue is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which...
JSF: Information disclosure due to missing access restriction in portlet resource dispatching
It was found that JavaServer Faces PortletBridge-based portlets using GenericPortlet's default resource serving did not restrict access to resources within the web application. An attacker could set the resource ID field of a URL to potentially bypass security constraints and gain access to...
Moderate: Red Hat Security Advisory: Red Hat JBoss Portal 6.2.0 security update
An update for the PortletBridge component of Red Hat JBoss Portal 6.2.0 that fixes one security issue is now available from the Red Hat Customer Portal. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which...