PT-2007-2751 · Red Hat · JBoss Application Server

Published 2007-07-27 · Updated 2008-11-13 · CVE-2007-1354

CVSS v2.0: 6.0 (Medium)
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: JBoss Application Server versions 4.0.2 through 4.0.5

Description: The issue concerns the access-control functionality in the JMX Console of JBoss Application Server. Specifically, JMXOpsAccessControlFilter stores the roles of the current user in a member variable of the filter instance, and that instance is shared by all concurrent requests. This creates a race condition: a remote authenticated administrator who logs in while a more privileged administrator's session is active can be evaluated against that administrator's roles and thereby gain privileges, for example escalating from Read Mode to Write Mode.
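The mechanism described above, as an added illustration that is not JBoss code and does not reproduce JMXOpsAccessControlFilter itself: one filter object serves every request, so roles parked in a member variable between lookup and check can be overwritten by a concurrent request. The request type, role names ("JBossAdmin", "JBossReader"), user names and the Thread.yield() scheduling gap are all constructed for the demonstration; the hardened variant keeps the roles in a local variable so they are scoped to the one call.

```java
import java.util.Set;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;

public class FilterRaceDemo {

    // Constructed stand-in for a request to the console (not a servlet API type).
    record Request(String user, Set<String> roles, String operation) {}

    interface AccessFilter {
        boolean allow(Request req);
    }

    // Authorization rule shared by both filters: reading needs any console role,
    // writing (invoking an MBean operation) needs the admin role. Role names are constructed.
    static boolean permitted(Set<String> roles, String operation) {
        if (operation.equals("read")) {
            return roles.contains("JBossAdmin") || roles.contains("JBossReader");
        }
        return roles.contains("JBossAdmin");
    }

    // Vulnerable pattern: a single filter instance handles every request, and the
    // caller's roles sit in a member variable between being looked up and being
    // checked. Two concurrent requests can overwrite each other's roles.
    static final class SharedStateFilter implements AccessFilter {
        private Set<String> currentRoles; // shared by every thread using this filter

        @Override
        public boolean allow(Request req) {
            currentRoles = req.roles();
            Thread.yield(); // constructed scheduling gap; any work here opens the window
            return permitted(currentRoles, req.operation());
        }
    }

    // Hardened pattern: the roles live in a local variable, so they belong to this
    // call on this thread only. Storing them as a request attribute works the same way.
    static final class RequestScopedFilter implements AccessFilter {
        @Override
        public boolean allow(Request req) {
            Set<String> roles = req.roles();
            Thread.yield(); // same gap, but nothing shared can be overwritten
            return permitted(roles, req.operation());
        }
    }

    // Run an admin session and a read-only session concurrently and count how often
    // the read-only user's write request is wrongly allowed.
    static int countEscalations(AccessFilter filter, int iterations) throws InterruptedException {
        Request admin  = new Request("alice", Set.of("JBossAdmin"), "write");
        Request reader = new Request("bob", Set.of("JBossReader"), "write");
        AtomicInteger escalations = new AtomicInteger();
        ExecutorService pool = Executors.newFixedThreadPool(2);
        for (int i = 0; i < iterations; i++) {
            pool.execute(() -> filter.allow(admin)); // legitimate admin write
            pool.execute(() -> {
                if (filter.allow(reader)) {          // must always be denied
                    escalations.incrementAndGet();
                }
            });
        }
        pool.shutdown();
        pool.awaitTermination(30, TimeUnit.SECONDS);
        return escalations.get();
    }

    public static void main(String[] args) throws InterruptedException {
        int n = 100_000;
        System.out.println("shared-state filter, read-only writes allowed: "
                + countEscalations(new SharedStateFilter(), n));
        System.out.println("request-scoped filter, read-only writes allowed: "
                + countEscalations(new RequestScopedFilter(), n));
    }
}
```

Compile and run with a JDK that supports records (Java 16 or later). The first count is nondeterministic and depends on scheduling, but it is typically nonzero, which is exactly the escalation from read to write the advisory describes; the second count is always zero because no per-request state survives outside the call. The defensive rule this illustrates is that a servlet filter (or any singleton in the request path) must never hold per-request data in instance fields.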
Recommendations: For JBoss Application Server versions 4.0.2 through 4.0.5, consider updating to a version released after 20070416 to resolve the issue.


Related Identifiers: CVE-2007-1354

Affected Products: JBoss Application Server