Vulnerability Description
The Portlet Bridge for JavaServer Faces in Red Hat JBoss Portal 6.2.0, when used in portlets with the default resource serving for GenericPortlet, does not properly restrict access to restricted resources, which allows remote attackers to obtain sensitive information via a URL with a modified resource ID.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Jboss Enterprise Portal Platform | 6.2.0 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2015-1226.htmlVendor Advisory
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://www.securityfocus.com/bid/75941
- https://bugzilla.redhat.com/show_bug.cgi?id=1232908Vendor Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1226.htmlVendor Advisory
- http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
- http://www.securityfocus.com/bid/75941
- https://bugzilla.redhat.com/show_bug.cgi?id=1232908Vendor Advisory
FAQ
What is CVE-2015-3244?
CVE-2015-3244 is a vulnerability with a CVSS score of 4.9 (MEDIUM). The Portlet Bridge for JavaServer Faces in Red Hat JBoss Portal 6.2.0, when used in portlets with the default resource serving for GenericPortlet, does not properly restrict access to restricted resou...
How severe is CVE-2015-3244?
CVE-2015-3244 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-3244?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Jboss Enterprise Portal Platform.