Description
The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allows remote attackers to bypass authentication via an empty password.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat JBoss BRMS 5 | jbosssx | Affected | ||
| Red Hat JBoss Data Grid 6 | picketbox | Affected | ||
| Red Hat JBoss Operations Network 3.1 | jbosssx | Not affected | ||
| Red Hat JBoss Portal 4 | jbosssx | Affected | ||
| Red Hat JBoss Portal 5 | jbosssx | Affected | ||
| Red Hat JBoss SOA Platform 4.2 | jbosssx | Affected | ||
| Red Hat JBoss SOA Platform 4.3 | jbosssx | Affected | ||
| Red Hat JBoss SOA Platform 5 | jbosssx | Affected | ||
| JBEWP 5 for RHEL 5 | jbosssx2 | Fixed | RHSA-2013:0230 | 04.02.2013 |
| JBEWP 5 for RHEL 6 | jbosssx2 | Fixed | RHSA-2013:0230 | 04.02.2013 |
Additional information
Status:
EPSS
CVSS2: 7.5 High