PT-2013-1602 · Red Hat · Jboss Web Platform+3

Carlo De Wolf

Publicado

2013-02-05

Atualizado

2017-08-29

CVE-2012-3369

CVSS v2.0

4.0

Média

Vetor

AV:N/AC:H/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions JBoss Enterprise Application Platform (EAP) versions prior to 5.2.0 JBoss Web Platform (EWP) versions prior to 5.2.0 JBoss BRMS Platform versions prior to 5.3.1 JBoss SOA Platform versions prior to 5.3.1

Description The issue allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's password to be used. This occurs due to a flaw in the CallerIdentityLoginModule.

Recommendations For JBoss Enterprise Application Platform (EAP) versions prior to 5.2.0, update to version 5.2.0 or later. For JBoss Web Platform (EWP) versions prior to 5.2.0, update to version 5.2.0 or later. For JBoss BRMS Platform versions prior to 5.3.1, update to version 5.3.1 or later. For JBoss SOA Platform versions prior to 5.3.1, update to version 5.3.1 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2012-3369

RHSA-2013:0191

RHSA-2013:0192

RHSA-2013:0193

RHSA-2013:0195

RHSA-2013:0196

RHSA-2013:0197

Produtos afetados

Jboss Brms Platform

Red Hat Jboss Enterprise Application Platform

Jboss Soa Platform

Jboss Web Platform

PT-2013-1602 · Red Hat · Jboss Web Platform+3

CVE-2012-3369

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 18