PT-2019-6761 · Red Hat · Jboss As 7

Arun Babu Neelicattu

Publicado

2019-12-18

Atualizado

2019-12-23

CVE-2012-2312

CVSS v2.0

4.6

Média

Vetor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions JBoss AS 7 Community Release (affected versions not specified)

Description The issue is related to the improper implementation of security context propagation in JBoss AS 7 Community Release. This allows a local user to obtain elevated privileges by reusing a thread from the thread pool that still retains the security context from the last process used.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Privilege Management

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-269

Identificadores relacionados

CVE-2012-2312

Produtos afetados

Jboss As 7

PT-2019-6761 · Red Hat · Jboss As 7

CVE-2012-2312

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6