Description
Race condition in JBoss Weld before 2.2.8 and 3.x before 3.0.0 Alpha3 allows remote attackers to obtain information from a previous conversation via vectors related to a stale thread state.
It was discovered that under specific conditions the conversation state information stored in a thread-local variable in JBoss Weld was not sanitized correctly when the conversation ended. This could lead to a race condition that could potentially expose sensitive information from a previous conversation to the current conversation.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat BPM Suite 6 | weld | Affected | ||
| Red Hat JBoss BRMS 6 | weld | Affected | ||
| Red Hat JBoss Data Grid 6 | weld | Affected | ||
| Red Hat JBoss Data Virtualization 6 | weld | Affected | ||
| Red Hat JBoss Enterprise Web Server 1 | others | Not affected | ||
| Red Hat JBoss Fuse Service Works 6 | weld | Affected | ||
| Red Hat JBoss Operations Network 3 | weld | Affected | ||
| Red Hat JBoss Portal 6 | weld | Affected | ||
| Red Hat JBoss BPMS 6.0 | | Fixed | RHSA-2015:0851 | 16.04.2015 |
| Red Hat JBoss BRMS 6.0 | | Fixed | RHSA-2015:0850 | 16.04.2015 |
Additional information
CVSS2: 2.1 Low