Vulnerability in Redhat Jboss_enterprise_application_platform

CVE-2011-4605

The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory invoker servlet in JBoss Enterprise Application Platform 4.3.0 CP10 and 5.1.2, Web Platform 5.1.2, SOA Platform 4.2.0.CP05 and 4.3.0.CP05, Portal Platform 4.3 CP07 and 5.2.x…

EPSS: 0.020 (84.1th percentile) — read the EPSS interpretation.

Affected products

Redhat Jboss_enterprise_application_platform — versions 4.3.0, 5.1.2
Redhat Jboss_enterprise_brms_platform
Redhat Jboss_enterprise_portal_platform — versions 4.3.0, 5.2.0, 5.2.1
Redhat Jboss_enterprise_soa_platform — versions 4.2.0, 4.3.0
Redhat Jboss_enterprise_web_platform — versions 5.1.2
N/a — versions n/a

Weakness classification (CWE)

CWE-264

References

1027501 (vdb-entry, x_refsource_SECTRACK)
49656 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
RHSA-2012:1028 (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_MISC)
49658 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
RHSA-2012:1109 (x_refsource_REDHAT, vendor-advisory)
RHSA-2012:1025 (x_refsource_REDHAT, vendor-advisory)
50084 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
RHSA-2012:1295 (x_refsource_REDHAT, vendor-advisory)
RHSA-2012:1027 (x_refsource_REDHAT, vendor-advisory)