PT-2014-3434 · Red Hat · Jboss Wildfly Application Server+1

Published: 2014-02-14 · Updated: 2017-01-07 · CVE-2014-0018

CVSS v2.0: 1.9 (Low)

Vector: AV:L/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Red Hat JBoss Enterprise Application Platform (JBEAP) version 6.2.0
JBoss WildFly Application Server (affected versions not specified)

Description

The issue arises when the software is run under a security manager, as it fails to properly restrict access to the Modular Service Container (MSC) service registry. This allows local users to modify the server by creating a crafted deployment.

Recommendations

For Red Hat JBoss Enterprise Application Platform (JBEAP) version 6.2.0, consider restricting access to the Modular Service Container (MSC) service registry until a proper fix is available. For JBoss WildFly Application Server, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2014-0018
RHSA-2014:0170
RHSA-2014:0171

Affected Products

Jboss Wildfly Application Server
Red Hat Jboss Enterprise Application Platform