PT-2013-1690 · Red Hat · Red Hat Jboss Portal+1

Publicado

2013-10-28

Atualizado

2013-10-30

CVE-2012-4572

CVSS v2.0

3.7

Baixa

Vetor

AV:L/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Red Hat JBoss Enterprise Application Platform (EAP) versions prior to 6.1.0 Red Hat JBoss Portal versions prior to 6.1.0

Description The issue allows local users to control certain applications' authorization decisions via a crafted application. This occurs because the implementation of a custom authorization module for a new application is not loaded when an implementation is already loaded and the modules share class names.

Recommendations For Red Hat JBoss Enterprise Application Platform (EAP) versions prior to 6.1.0, update to version 6.1.0 or later. For Red Hat JBoss Portal versions prior to 6.1.0, update to version 6.1.0 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2012-4572

RHSA-2013:0834

RHSA-2013:0839

Produtos afetados

Red Hat Jboss Enterprise Application Platform

Red Hat Jboss Portal

PT-2013-1690 · Red Hat · Red Hat Jboss Portal+1

CVE-2012-4572

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5