PT-2013-1603 · Red Hat · Jboss Web Platform+3

Carlo De Wolf

Publicado

2013-02-05

Atualizado

2017-08-29

CVE-2012-3370

CVSS v2.0

5.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions JBoss Enterprise Application Platform (EAP) versions prior to 5.2.0 JBoss Web Platform (EWP) versions prior to 5.2.0 BRMS Platform versions prior to 5.3.1 SOA Platform versions prior to 5.3.1

Description The issue allows remote attackers to gain privileges as other users due to the SecurityAssociation.getCredential method returning the credentials of the previous user when a security context is not provided.

Recommendations For JBoss Enterprise Application Platform (EAP) versions prior to 5.2.0, update to version 5.2.0 or later. For JBoss Web Platform (EWP) versions prior to 5.2.0, update to version 5.2.0 or later. For BRMS Platform versions prior to 5.3.1, update to version 5.3.1 or later. For SOA Platform versions prior to 5.3.1, update to version 5.3.1 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2012-3370

RHSA-2013:0191

RHSA-2013:0192

RHSA-2013:0193

RHSA-2013:0195

RHSA-2013:0196

RHSA-2013:0197

Produtos afetados

Brms Platform

Red Hat Jboss Enterprise Application Platform

Jboss Web Platform

Soa Platform

PT-2013-1603 · Red Hat · Jboss Web Platform+3

CVE-2012-3370

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 19