Multiple JBoss products contain a flaw related to the Java Naming and Directory Interface (JNDI) service. This issue is triggered by the program not properly restricting access to certain services. This may allow a remote attacker to bypass restrictions and manipulate objects or services in the JNDI tree.

Currently, there are no known workarounds or upgrades to correct this issue. However, Red Hat has released a patch to address this vulnerability. Check the Red Hat security advisory in the references section.

• CVE ID: 2011-4605 (see also: NVD)
• Secunia Advisory ID: 49656 49658 50084 50549
• Vendor Specific Advisory URL: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=766469
• RedHat RHSA: RHSA-2012:1022 RHSA-2012:1023 RHSA-2012:1024 RHSA-2012:1025 RHSA-2012:1026 RHSA-2012:1027 RHSA-2012:1125 RHSA-2012:1232

• Not Available