PT-2013-1800 · Red Hat · JBoss SOA Platform+3
Derek Horton · Published 2013-02-05 · Updated 2017-08-29
CVE-2012-5478
CVSS v2.0: 4.9 (Medium)
| Vector | AV:N/AC:M/Au:S/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
JBoss Enterprise Application Platform versions prior to 5.2.0
JBoss Web Platform versions prior to 5.2.0
JBoss BRMS Platform versions prior to 5.3.1
JBoss SOA Platform versions prior to 5.3.1
Description
The AuthorizationInterceptor does not properly restrict access, which allows remote authenticated users to bypass the intended role restrictions and perform arbitrary JMX operations. The specific vectors are not specified.
Recommendations
For JBoss Enterprise Application Platform versions prior to 5.2.0, update to version 5.2.0 or later.
For JBoss Web Platform versions prior to 5.2.0, update to version 5.2.0 or later.
For JBoss BRMS Platform versions prior to 5.3.1, update to version 5.3.1 or later.
For JBoss SOA Platform versions prior to 5.3.1, update to version 5.3.1 or later.
Affected products
JBoss BRMS Platform
Red Hat JBoss Enterprise Application Platform
JBoss SOA Platform
JBoss Web Platform