CVE-2014-0005

Опубликовано: 31 мар. 2014

Источник: redhat

CVSS2: 3.6

EPSS Низкий

Описание

PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the application sever configuration and state by deploying a crafted application.

It was identified that PicketBox/JBossSX allowed any deployed application to alter or read the underlying application server configuration and state without any authorization checks. An attacker able to deploy applications could use this flaw to circumvent security constraints applied to other applications deployed on the same system, disclose privileged information, and in certain cases allow arbitrary code execution.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat JBoss BRMS 5	security	Will not fix
Red Hat JBoss Data Grid 6	security	Not affected
Red Hat JBoss Data Virtualization 6	security	Not affected
Red Hat JBoss Enterprise Application Platform 5	security	Will not fix
Red Hat JBoss Enterprise Web Server 1	ewp-5	Will not fix
Red Hat JBoss Enterprise Web Server 1	fuse	Not affected
Red Hat JBoss Enterprise Web Server 1	others	Will not fix
Red Hat JBoss Operations Network 3	security	Not affected
Red Hat JBoss Portal 5	security	Will not fix
Red Hat JBoss SOA Platform 5	security	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-862

https://bugzilla.redhat.com/show_bug.cgi?id=1049736PicketBox/JBossSX: Unauthorized access to and modification of application server configuration and state by application

EPSS

Процентиль: 43%

0.00207

Низкий

3.6 Low

CVSS2

Связанные уязвимости

CVE-2014-0005

nvd

почти 11 лет назад

GHSA-hxxr-j64h-hx75

github