Red Hat Security Advisory 2015-1226-01 – Red Hat JBoss Portal is the open source implementation of the Java EE suite of services and Portal services running atop Red Hat JBoss Enterprise Application Platform. It was found that JavaServer Faces PortletBridge-based portlets using GenericPortlet’s default resource serving did not restrict access to resources within the web application. An attacker could set the resource ID field of a URL to potentially bypass security constraints and gain access to restricted resources.