CVE-2014-0018

Опубликовано: 11 янв. 2014

Источник: redhat

CVSS2: 1.9

EPSS Низкий

Описание

Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.0 and JBoss WildFly Application Server, when run under a security manager, do not properly restrict access to the Modular Service Container (MSC) service registry, which allows local users to modify the server via a crafted deployment.

In Red Hat JBoss Enterprise Application Platform, when running under a security manager, it was possible for deployed code to get access to the Modular Service Container (MSC) service registry without any permission checks. This could allow malicious deployments to modify the internal state of the server in various ways.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat JBoss Data Grid 6	jboss-as-server	Not affected
Red Hat JBoss Data Virtualization 6	jboss-as-server	Not affected
Red Hat JBoss Enterprise Application Platform 5	jboss-as-server	Not affected
Red Hat JBoss Enterprise Web Server 1	others	Not affected
Red Hat JBoss Operations Network 3	jboss-as-server	Not affected
Red Hat JBoss BPMS 6.0	jboss-as-server	Fixed	RHSA-2014:1291	23.09.2014
Red Hat JBoss BRMS 6.0	jboss-as-server	Fixed	RHSA-2014:1290	23.09.2014
Red Hat JBoss Enterprise Application Platform 6.2		Fixed	RHSA-2014:0172	13.02.2014
Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5	jbossas-javadocs	Fixed	RHSA-2014:0170	13.02.2014
Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6	jbossas-javadocs	Fixed	RHSA-2014:0171	13.02.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

https://bugzilla.redhat.com/show_bug.cgi?id=1052783jboss-as-server: Unchecked access to MSC Service Registry under JSM

EPSS

Процентиль: 20%

0.00062

Низкий

1.9 Low

CVSS2

Связанные уязвимости

CVE-2014-0018

nvd

почти 12 лет назад

GHSA-mxv4-hqqr-c5rm

github