Vulnerability Details: CVE-2011-4608
mod_cluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat Linux allows worker nodes to register with arbitrary virtual hosts, which allows remote attackers to bypass intended access restrictions and provide malicious content, hijack sessions, and steal credentials by registering from an external vhost that does not enforce security constraints.
Exploit prediction scoring system (EPSS) score for CVE-2011-4608
Probability of exploitation activity in the next 30 days: 1.50%
Percentile, the proportion of vulnerabilities that are scored at or less: ~85%
CVSS scores for CVE-2011-4608
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
CWE ids for CVE-2011-4608
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-4608
- http://www.securityfocus.com/bid/51554
  JBoss 'mod_cluster' Security Bypass Vulnerability
- https://bugzilla.redhat.com/show_bug.cgi?id=767020
  767020 – (CVE-2011-4608) CVE-2011-4608 mod_cluster: malicious worker nodes can register on any vhost
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72460
  JBoss mod_cluster security bypass CVE-2011-4608 Vulnerability Report
- http://www.securitytracker.com/id?1026545
  JBoss mod_cluster Lets Remote Workers Bypass Security Restrictions - SecurityTracker
- http://www.redhat.com/support/errata/RHSA-2012-0036.html
  Support (Vendor Advisory)
- http://www.redhat.com/support/errata/RHSA-2012-0035.html
  Support (Vendor Advisory)
- http://www.redhat.com/support/errata/RHSA-2012-0039.html
  Support (Vendor Advisory)
- http://www.redhat.com/support/errata/RHSA-2012-0037.html
  Support (Vendor Advisory)
- http://www.redhat.com/support/errata/RHSA-2012-0040.html
  Support (Vendor Advisory)
- http://www.redhat.com/support/errata/RHSA-2012-0038.html
  Support (Vendor Advisory)
Products affected by CVE-2011-4608
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.2:*:*:*:*:*:*:*