CVE-2011-4085
EXPLOITED
JBoss Enterprise Application Platform < 5.1.2 - Auth Bypass
The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allows remote attackers to bypass authentication by sending a request with a different HTTP method. NOTE: this vulnerability exists because of a regression of the CVE-2010-0738 fix.
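The weakness class here is HTTP verb tampering in a servlet security-constraint: a web-resource-collection that lists http-method entries is enforced for those methods only, and every other verb reaches the servlet with no auth-constraint applied. The checker below is an added example, not code from this page, from Red Hat or from JBoss. It models the container's constraint matching, parses a web.xml and reports which verbs reach a given path unauthenticated. The two embedded descriptors are constructed samples whose URL patterns (/restricted/*, /JMXInvokerServlet/*, /EJBInvokerServlet/*) and role name (HttpInvoker) are assumptions modelled on the shape of the JBoss invoker WAR, not copied from the shipped file. It also shows the two fixes: removing the method list (any servlet version) and the Servlet 3.1 deny-uncovered-http-methods element.

```python
"""Static check for HTTP verb-tampering gaps in a servlet web.xml.

A <web-resource-collection> that lists <http-method> entries protects ONLY
those methods; every other verb bypasses the <auth-constraint>.  The
descriptors below are constructed samples; the url-patterns and the
HttpInvoker role are assumptions modelled on the JBoss invoker WAR.
"""
import xml.etree.ElementTree as ET

COMMON_VERBS = ("GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS", "TRACE")

# Constructed sample of the weak shape: the method list narrows the constraint.
VULNERABLE_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HttpInvokers</web-resource-name>
      <url-pattern>/restricted/*</url-pattern>
      <url-pattern>/JMXInvokerServlet/*</url-pattern>
      <url-pattern>/EJBInvokerServlet/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>HttpInvoker</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>
"""

# Fix 1 (any servlet version): drop the method list so every verb is covered.
FIXED_WEB_XML = VULNERABLE_WEB_XML.replace(
    "      <http-method>GET</http-method>\n      <http-method>POST</http-method>\n", "")

# Fix 2 (Servlet 3.1+): keep the list but deny any method it does not cover.
DENY_UNCOVERED_WEB_XML = VULNERABLE_WEB_XML.replace(
    "</web-app>", "  <deny-uncovered-http-methods/>\n</web-app>")


def _local(tag):
    """Strip the XML namespace so any web-app schema version parses the same."""
    return tag.rsplit("}", 1)[-1]


def parse_constraints(web_xml):
    """Return {'deny_uncovered': bool, 'constraints': [...]} from a web.xml string."""
    root = ET.fromstring(web_xml)
    spec = {"deny_uncovered": False, "constraints": []}
    for sc in root:
        if _local(sc.tag) == "deny-uncovered-http-methods":
            spec["deny_uncovered"] = True
        if _local(sc.tag) != "security-constraint":
            continue
        # A security-constraint with no <auth-constraint> requires no login; skip it.
        if not any(_local(e.tag) == "auth-constraint" for e in sc):
            continue
        for wrc in sc:
            if _local(wrc.tag) != "web-resource-collection":
                continue
            spec["constraints"].append({
                "patterns": [e.text.strip() for e in wrc if _local(e.tag) == "url-pattern"],
                "methods": {e.text.strip().upper() for e in wrc if _local(e.tag) == "http-method"},
                "omissions": {e.text.strip().upper() for e in wrc
                              if _local(e.tag) == "http-method-omission"},
            })
    return spec


def url_matches(pattern, path):
    """Servlet url-pattern rules: exact, path prefix (/x/*), extension (*.ext), default (/)."""
    if pattern == "/" or pattern == path:
        return True
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return False


def is_protected(spec, method, path):
    """True if the container applies an auth-constraint to this (method, path)."""
    method = method.upper()
    url_constrained = False
    for c in spec["constraints"]:
        if not any(url_matches(p, path) for p in c["patterns"]):
            continue
        url_constrained = True
        if c["methods"] and method not in c["methods"]:
            continue  # the CVE-2011-4085 gap: only the listed verbs are checked
        if method in c["omissions"]:
            continue  # explicitly carved out of this constraint
        return True
    # <deny-uncovered-http-methods/> turns an uncovered verb on a constrained URL into 403.
    return url_constrained and spec["deny_uncovered"]


def uncovered_verbs(spec, path, verbs=COMMON_VERBS):
    """Verbs that reach `path` without the auth-constraint being enforced."""
    return [v for v in verbs if not is_protected(spec, v, path)]


if __name__ == "__main__":
    for name, xml in (("vulnerable", VULNERABLE_WEB_XML), ("fixed", FIXED_WEB_XML),
                      ("deny-uncovered", DENY_UNCOVERED_WEB_XML)):
        gaps = uncovered_verbs(parse_constraints(xml), "/JMXInvokerServlet")
        print(f"{name:15s} /JMXInvokerServlet uncovered verbs: {gaps or 'none'}")
```

To audit a deployed archive, feed the real descriptor in with `parse_constraints(open("WEB-INF/web.xml").read())` and call `uncovered_verbs` for each protected path. HEAD is the verb to worry about first: javax.servlet.http.HttpServlet implements doHead() by calling doGet() with a body-discarding response, so an uncovered HEAD runs the same servlet code as an authenticated GET. The checker only models the descriptor; it does not account for authorization a servlet performs in its own code.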
Scores
EPSS
0.0072
EPSS Percentile
72.2%
Exploitation Intel
VulnCheck KEV
2025-07-14
Classification
CWE
CWE-287
Status
draft
Affected Products (26)
redhat/jboss_enterprise_application_platform < 5.1.1
redhat/jboss_enterprise_application_platform
redhat/jboss_enterprise_application_platform
redhat/jboss_enterprise_application_platform
redhat/jboss_enterprise_application_platform
redhat/jboss_enterprise_application_platform
redhat/jboss_enterprise_soa_platform < 5.1.1
redhat/jboss_enterprise_soa_platform
redhat/jboss_enterprise_soa_platform
redhat/jboss_enterprise_soa_platform
redhat/jboss_enterprise_soa_platform
redhat/jboss_enterprise_soa_platform
redhat/jboss_enterprise_soa_platform
redhat/jboss_enterprise_soa_platform
redhat/jboss_enterprise_soa_platform
... and 11 more
Timeline
Published
Nov 23, 2012
Tracked Since
Feb 18, 2026