CVE-2015-5176
Description
PortletBridge in Red Hat JBoss Portal 6.2.0 fails to enforce servlet security constraints, allowing remote attackers to access restricted non-JSF resources.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The PortletRequestDispatcher in PortletBridge, as shipped with Red Hat JBoss Portal 6.2.0, does not enforce the security constraints declared for servlets (the security-constraint entries in the web application's deployment descriptor). When a portlet renders a non-JSF resource such as a JSP or static HTML file through the dispatcher, the access checks configured for that resource are skipped, so the constraint only protects direct client requests to the resource and not requests routed through the portlet. All Red Hat JBoss Portal 6.2.0 deployments are affected [1].
Exploitation
An attacker with network access to the portal sends a request that causes an affected portlet to render, via the PortletRequestDispatcher, a non-JSF resource that the servlet security constraints are supposed to protect. Because the dispatcher does not apply those constraints, the resource is returned; the advisory describes the attacker as remote and needing no authentication or special privileges [1].
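To make the mechanism concrete, here is an added illustration of the general servlet behaviour behind this class of bug; it is not PortletBridge's code and not the code changed by the Red Hat update. It assumes a hosting web application whose web.xml protects /protected/* with an admin role (the descriptor fragment is constructed for the example, and the class names ResourceViewPortlet and SafeResourceViewPortlet are hypothetical). The servlet container checks a security constraint only on requests that arrive from the client; a server-side include through a PortletRequestDispatcher, which bridges into the servlet context, is not re-checked. The unsafe portlet therefore hands a protected JSP to anyone who can render it, while the hardened variant re-applies the descriptor's requirement itself before dispatching.

```java
import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.portlet.GenericPortlet;
import javax.portlet.PortletException;
import javax.portlet.PortletRequestDispatcher;
import javax.portlet.RenderRequest;
import javax.portlet.RenderResponse;

/*
 * Added illustration; not PortletBridge code and not the RHSA-2015:1543 fix.
 * Assumed web.xml of the hosting web application (constructed for this example):
 *
 *   <security-constraint>
 *     <web-resource-collection>
 *       <web-resource-name>admin pages</web-resource-name>
 *       <url-pattern>/protected/*</url-pattern>
 *     </web-resource-collection>
 *     <auth-constraint><role-name>admin</role-name></auth-constraint>
 *   </security-constraint>
 *
 * The container applies that constraint only to client requests for
 * /protected/... . A server-side include through a PortletRequestDispatcher is
 * not re-checked (the Servlet specification states that the security model
 * does not apply when a servlet uses a RequestDispatcher), so the unsafe
 * portlet below lets any visitor who can render it read /protected/report.jsp.
 */
public class ResourceViewPortlet extends GenericPortlet {

    // Unsafe pattern: the included path comes from the request, and nothing
    // checks whether the caller satisfies the constraint that guards it.
    @Override
    protected void doView(RenderRequest req, RenderResponse resp)
            throws PortletException, IOException {
        String path = req.getParameter("page");   // e.g. "/protected/report.jsp"
        if (path == null) {
            path = "/public/welcome.jsp";
        }
        PortletRequestDispatcher d = getPortletContext().getRequestDispatcher(path);
        if (d != null) {
            d.include(req, resp);                 // constraint never consulted
        }
    }
}

/* Hardened variant: an allow-list of includable resources, each paired with
 * the role web.xml requires for it, enforced by the portlet itself because the
 * dispatcher will not. An empty role means the resource is public. */
class SafeResourceViewPortlet extends GenericPortlet {

    private static final Map<String, String> ALLOWED = new HashMap<String, String>();
    static {
        ALLOWED.put("/public/welcome.jsp", "");
        ALLOWED.put("/protected/report.jsp", "admin");   // mirrors the <auth-constraint>
    }

    @Override
    protected void doView(RenderRequest req, RenderResponse resp)
            throws PortletException, IOException {
        String path = req.getParameter("page");
        String role = (path == null) ? null : ALLOWED.get(path);
        if (role == null) {
            // Not on the allow-list: this also rules out "../" and WEB-INF paths.
            resp.setContentType("text/html");
            resp.getWriter().write("Unknown page");
            return;
        }
        if (!role.isEmpty() && !req.isUserInRole(role)) {
            // Re-apply the descriptor's auth-constraint to the dispatched request.
            resp.setContentType("text/html");
            resp.getWriter().write("Forbidden");
            return;
        }
        PortletRequestDispatcher d = getPortletContext().getRequestDispatcher(path);
        if (d != null) {
            d.include(req, resp);
        }
    }
}
```

In the hardened version the dispatcher is reached only through the allow-list, so a request naming a path outside it, or a /protected/ path from a user without the admin role, is refused before any include happens. The check mirrors the descriptor rather than replacing it: direct client requests to /protected/* are still handled by the container, and the portlet covers the dispatched path that the container does not.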
Impact
Successful exploitation discloses restricted resources, such as JSP pages or HTML files, that the servlet security constraints should have withheld from unauthenticated or unprivileged users, exposing whatever sensitive data or configuration detail those resources contain [1].
Mitigation
Red Hat has released an update for Red Hat JBoss Portal 6.2.0 that corrects this flaw (RHSA-2015:1543, available from the Red Hat Customer Portal). Back up the deployment before applying it. The advisory documents no workaround, so applying the update is the only mitigation [1].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:redhat:jboss_portal:6.2.0:*:*:*:*:*:*:*
- (no CPE) range: = 6.2.0
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
[1] rhn.redhat.com/errata/RHSA-2015-1543.html (NVD, Vendor Advisory)
News mentions
No linked articles in our index yet.