Description
Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does not properly authorize access to shut down the server, which allows remote authenticated users with the Monitor, Deployer, or Auditor role to cause a denial of service via unspecified vectors.
It was found that JBoss EAP did not properly authorize a user performing a shutdown. A remote user with the Monitor, Deployer, or Auditor role could use this flaw to shut down the EAP server, an action that is restricted to admin users.
Affected packages
| Platform | Package | Status | Advisory | Release date |
|---|---|---|---|---|
| Red Hat JBoss Enterprise Application Platform 6.4.4 | jbossas | Affected | | |
| Red Hat JBoss Enterprise Application Platform 6.4 | | Fixed | RHSA-2015:2541 | 02.12.2015 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | apache-commons-collections-eap6 | Fixed | RHSA-2015:2538 | 02.12.2015 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | hibernate4-eap6 | Fixed | RHSA-2015:2538 | 02.12.2015 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | hornetq | Fixed | RHSA-2015:2538 | 02.12.2015 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | ironjacamar-eap6 | Fixed | RHSA-2015:2538 | 02.12.2015 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | jboss-as-appclient | Fixed | RHSA-2015:2538 | 02.12.2015 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | jbossas-appclient | Fixed | RHSA-2015:2538 | 02.12.2015 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | jbossas-bundles | Fixed | RHSA-2015:2538 | 02.12.2015 |
| Red Hat JBoss Enterprise Application Platform 6.4 for RHEL 5 | jboss-as-cli | Fixed | RHSA-2015:2538 | 02.12.2015 |
Additional information
Status:
EPSS:
CVSS2: 4 (Medium)