CVE-2012-4549 in Red Hat JBoss Enterprise Application Platforminformación

Resumen (Inglés)

The processInvocation function in org.jboss.as.ejb3.security.AuthorizationInterceptor in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, authorizes all requests when no roles are allowed for an Enterprise Java Beans (EJB) method invocation, which allows attackers to bypass intended access restrictions for EJB methods.

Reservar

2012-08-21

Divulgación

2013-01-04

Voces

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerabilidad	CWE	Exp	Con	CVE
7188	Red Hat JBoss Enterprise Application Platform mod_negotiation processInvocation escalada de privilegios	264	Prueba de concepto	Arreglo oficial	CVE-2012-4549

Descripción

CPE

CWE

CVSS

Hazañas

Historia

Diferencia

Relacionar

Inteligencia de amenazas

API JSON

API XML

API CSV

◂ AnteriorVisión De ConjuntoPróximo ▸

Interested in the pricing of exploits?

See the underground prices here!