CVE-2012-3369

2013-02-05T23:55:00
ID CVE-2012-3369
Type cve
Reporter cve@mitre.org
Modified 2017-08-29T01:31:00

Description

The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's password to be used. Per http://rhn.redhat.com/errata/RHSA-2013-0198.html "This JBoss Enterprise Web Platform 5.2.0 release serves as a replacement for JBoss Enterprise Web Platform 5.1.2, and includes bug fixes and enhancements."

Per http://rhn.redhat.com/errata/RHSA-2013-0191.html "This JBoss Enterprise Application Platform 5.2.0 release serves as a replacement for JBoss Enterprise Application Platform 5.1.2, and includes bug fixes and enhancements."