Description
Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 do not load the implementation of a custom authorization module for a new application when an implementation is already loaded and the modules share class names, which allows local users to control certain applications' authorization decisions via a crafted application.
Affected packages
| Platform | Package | State | Advisory | Release date |
|---|---|---|---|---|
| Red Hat JBoss Portal 6 | Security | Affected | | |
| Red Hat JBoss Enterprise Application Platform 6.1 | | Fixed | RHSA-2013:0833 | 20.05.2013 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 | apache-commons-daemon-eap6 | Fixed | RHSA-2013:0839 | 20.05.2013 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 | apache-commons-daemon-jsvc-eap6 | Fixed | RHSA-2013:0839 | 20.05.2013 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 | apache-commons-pool-eap6 | Fixed | RHSA-2013:0839 | 20.05.2013 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 | apache-cxf | Fixed | RHSA-2013:0839 | 20.05.2013 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 | apache-cxf-xjc-utils | Fixed | RHSA-2013:0839 | 20.05.2013 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 | atinject | Fixed | RHSA-2013:0839 | 20.05.2013 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 | atinject-eap6 | Fixed | RHSA-2013:0839 | 20.05.2013 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 | codehaus-jackson | Fixed | RHSA-2013:0839 | 20.05.2013 |
Additional information
Status:
EPSS
3.7 Low
CVSS2