CVE-2014-0093

Опубликовано: 21 фев. 2014

Источник: redhat

CVSS2: 4

EPSS Низкий

Описание

Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2, when using a Java Security Manager (JSM), does not properly apply permissions defined by a policy file, which causes applications to be granted the java.security.AllPermission permission and allows remote attackers to bypass intended access restrictions.

It was found that Java Security Manager permissions configured via a policy file were not properly applied, causing all deployed applications to be granted the java.security.AllPermission permission. In certain cases, an attacker could use this flaw to circumvent expected security measures to perform actions which would otherwise be restricted.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat JBoss Data Grid 6	eap	Not affected
Red Hat JBoss Data Virtualization 6	eap	Not affected
Red Hat JBoss Enterprise Application Platform 5	server	Not affected
Red Hat JBoss Operations Network 3	eap	Not affected
Red Hat JBoss BPMS 6.0	eap	Fixed	RHSA-2014:1291	23.09.2014
Red Hat JBoss BRMS 6.0	eap	Fixed	RHSA-2014:1290	23.09.2014
Red Hat JBoss Enterprise Application Platform 6.2	server	Fixed	RHSA-2014:0345	31.03.2014
Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5	apache-cxf	Fixed	RHSA-2014:0343	31.03.2014
Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5	glassfish-jsf-eap6	Fixed	RHSA-2014:0343	31.03.2014
Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5	jboss-ejb-client	Fixed	RHSA-2014:0343	31.03.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=10700466: JSM policy not respected by deployed applications

EPSS

Процентиль: 51%

0.0028

Низкий

4 Medium

CVSS2

Связанные уязвимости

CVE-2014-0093

nvd

почти 12 лет назад

GHSA-5655-4wv8-88fx

github