CVE-2014-7853

Опубликовано: 13 фев. 2015

Источник: nvd

CVSS2: 4

EPSS Низкий

Описание

The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain sensitive information by leveraging access to the security-domain attribute.

Ссылки

http://rhn.redhat.com/errata/RHSA-2015-0215.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-0216.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-0217.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-0218.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-0920.html
Vendor Advisory
http://www.securitytracker.com/id/1031741
https://exchange.xforce.ibmcloud.com/vulnerabilities/100891
http://rhn.redhat.com/errata/RHSA-2015-0215.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-0216.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-0217.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-0218.html
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-0920.html
Vendor Advisory
http://www.securitytracker.com/id/1031741
https://exchange.xforce.ibmcloud.com/vulnerabilities/100891

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:redhat:jboss_operations_network:3.3.1:*:*:*:*:*:*:*

Конфигурация 2

cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*

Версия до 6.3.2 (включая)

EPSS

Процентиль: 62%

0.00428

Низкий

4 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2014-7853

redhat

почти 11 лет назад

GHSA-7cr6-g5pc-g6g4

github

больше 3 лет назад