{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2011-4085","title":"Title"},{"category":"description","text":"The servlets invoked by httpha-invoker in JBoss Enterprise Application Platform before 5.1.2, SOA Platform before 5.2.0, BRMS Platform before 5.3.0, and Portal Platform before 4.3 CP07 perform access control only for the GET and POST methods, which allows remote attackers to bypass authentication by sending a request with a different method. NOTE: this vulnerability exists because of a CVE-2010-0738 regression.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2011-4085","url":"https://www.suse.com/security/cve/CVE-2011-4085"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 735883 for CVE-2011-4085","url":"https://bugzilla.suse.com/735883"},{"category":"external","summary":"SUSE Bug 735884 for CVE-2011-4085","url":"https://bugzilla.suse.com/735884"}],"title":"SUSE CVE CVE-2011-4085","tracking":{"current_release_date":"2025-07-08T00:29:46Z","generator":{"date":"2023-02-15T05:50:15Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2011-4085","initial_release_date":"2023-02-15T05:50:15Z","revision_history":[{"date":"2023-02-15T05:50:15Z","number":"2","summary":"Current version"},{"date":"2025-07-08T00:29:46Z","number":"3","summary":"Current version"}],"status":"interim","version":"3"}}}