Description
Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat JBoss BRMS 5 | Security | Not affected | | |
| Red Hat JBoss Operations Network 2.4 | | Fixed | RHSA-2012:0089 | 01.02.2012 |
| Red Hat JBoss Operations Network 3.0 | | Fixed | RHSA-2012:0406 | 20.03.2012 |
Additional information
Status: Important
https://bugzilla.redhat.com/show_bug.cgi?id=783008 JON: Unapproved agents can hijack an approved agent's endpoint by using a null security token
5.8 Medium
CVSS2
Related vulnerabilities
nvd
almost 12 years ago
Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token.
github
almost 4 years ago
Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 allows remote attackers to hijack agent sessions via an agent registration request without a security token.
5.8 Medium
CVSS2