CVE-2012-4550 in Red Hat JBoss Enterprise Application Platform

Summary

JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, when using role-based authorization for Enterprise Java Beans (EJB) access, does not call the intended authorization modules, which prevents JACC permissions from being applied and allows remote attackers to obtain access to the EJB.

Reservation

01/24/2008

Disclosure

01/04/2013

Entries

VulDB provides additional information and datapoints for this CVE:
