Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistRedhatCVELIST:CVE-2012-0874
HistoryFeb 05, 2013 - 11:11 p.m.

CVE-2012-0874

2013-02-0523:11:00
redhat
www.cve.org
1

6.9 Medium

AI Score

Confidence

High

0.058 Low

EPSS

Percentile

93.4%

JSON

The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow remote attackers to invoke MBean methods and execute arbitrary code via unspecified vectors. NOTE: this issue can only be exploited when the interceptor is not properly configured with a “second layer of authentication,” or when used in conjunction with other vulnerabilities that bypass this second layer.

Related

checkpoint_advisories 1
prion 2
securityvulns 2
seebug 1
cve 2
nvd 2
openvas 1
nessus 8
cvelist 1
attackerkb 1
threatpost 1
redhat 8
veracode 8
fireeye 1
checkpoint_advisories
checkpoint_advisories
JBoss Enterprise Application Platform Invoker Servlets Remote Code Execution (CVE-2012-0874)
2019-01-29 00:00:00
prion
prion
Design/Logic Flaw
2013-02-05 23:55:00
Design/Logic Flaw
2013-09-16 13:01:00
securityvulns
securityvulns
EMC Data Protection Advisor / Connectrix Manager security vulnerabilities
2014-01-08 00:00:00
ESA-2013-094: EMC Data Protection Advisor JBOSS Remote Code Execution Vulnerability
2014-01-08 00:00:00
seebug
seebug
JBoss Enterprise Application Platform 多个安全绕过漏洞(CVE-2012-0874)
2013-02-03 00:00:00
cve
cve
CVE-2012-0874
2013-02-05 23:55:01
CVE-2013-4810
2013-09-16 13:01:46
nvd
nvd
CVE-2012-0874
2013-02-05 23:55:01
CVE-2013-4810
2013-09-16 13:01:46
openvas
openvas
Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution
2013-10-15 00:00:00
nessus
nessus
JBoss Java Object Deserialization RCE
2015-12-10 00:00:00
Apache Tomcat / JBoss EJBInvokerServlet / JMXInvokerServlet Multiple Vulnerabilities
2013-10-14 00:00:00
RHEL 5 : JBoss EWP (RHSA-2013:0196)
2014-11-08 00:00:00
cvelist
cvelist
CVE-2013-4810
2013-09-13 18:00:00
attackerkb
attackerkb
CVE-2013-4810
2013-09-16 00:00:00
threatpost
threatpost
SpeakUp Linux Backdoor Sets Up for Major Attack
2019-02-04 14:00:15
redhat
redhat
(RHSA-2013:0533) Important: JBoss Enterprise SOA Platform 5.3.1 update
2013-02-20 00:00:00
(RHSA-2013:0221) Important: JBoss Enterprise BRMS Platform 5.3.1 update
2013-01-31 00:00:00
(RHSA-2013:0198) Important: JBoss Enterprise Web Platform 5.2.0 update
2013-01-24 00:00:00
veracode
veracode
Privilege Escalation
2019-05-02 04:46:47
Cross Site Scripting (XSS)
2019-05-02 04:46:17
Plaintext Weak Encryption
2019-05-02 04:46:04
fireeye
fireeye
Think Fast: Time Between Disclosure, Patch Release and Vulnerability Exploitation — Intelligence for Vulnerability Management, Part Two
2020-04-13 00:00:00

6.9 Medium

AI Score

Confidence

High

0.058 Low

EPSS

Percentile

93.4%

JSON
Related for CVELIST:CVE-2012-0874
checkpoint_advisories1prion2securityvulns2seebug1cve2nvd2openvas1nessus8cvelist1attackerkb1threatpost1redhat8veracode8fireeye1