Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2012-0874
HistoryFeb 05, 2013 - 11:55 p.m.

Design/Logic Flaw

2013-02-0523:55:00
PRIOn knowledge base
www.prio-n.com
2

8.2 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.058 Low

EPSS

Percentile

93.2%

JSON

The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow remote attackers to invoke MBean methods and execute arbitrary code via unspecified vectors. NOTE: this issue can only be exploited when the interceptor is not properly configured with a “second layer of authentication,” or when used in conjunction with other vulnerabilities that bypass this second layer.

Related

securityvulns 2
checkpoint_advisories 1
seebug 1
cve 2
nessus 8
openvas 1
attackerkb 1
prion 1
threatpost 1
redhat 8
veracode 8
fireeye 1
securityvulns
securityvulns
EMC Data Protection Advisor / Connectrix Manager security vulnerabilities
2014-01-08 00:00:00
ESA-2013-094: EMC Data Protection Advisor JBOSS Remote Code Execution Vulnerability
2014-01-08 00:00:00
checkpoint_advisories
checkpoint_advisories
JBoss Enterprise Application Platform Invoker Servlets Remote Code Execution (CVE-2012-0874)
2019-01-29 00:00:00
seebug
seebug
JBoss Enterprise Application Platform 多个安全绕过漏洞(CVE-2012-0874)
2013-02-03 00:00:00
cve
cve
CVE-2012-0874
2013-02-05 23:55:00
CVE-2013-4810
2013-09-16 13:01:00
nessus
nessus
JBoss Java Object Deserialization RCE
2015-12-10 00:00:00
Apache Tomcat / JBoss EJBInvokerServlet / JMXInvokerServlet Multiple Vulnerabilities
2013-10-14 00:00:00
RHEL 4 : JBoss EAP (RHSA-2013:0193)
2013-01-24 00:00:00
openvas
openvas
Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution
2013-10-15 00:00:00
attackerkb
attackerkb
CVE-2013-4810
2013-09-16 00:00:00
prion
prion
Design/Logic Flaw
2013-09-16 13:01:00
threatpost
threatpost
SpeakUp Linux Backdoor Sets Up for Major Attack
2019-02-04 14:00:15
redhat
redhat
(RHSA-2013:0533) Important: JBoss Enterprise SOA Platform 5.3.1 update
2013-02-20 00:00:00
(RHSA-2013:0221) Important: JBoss Enterprise BRMS Platform 5.3.1 update
2013-01-31 00:00:00
(RHSA-2013:0194) Important: JBoss Enterprise Application Platform 5.2.0 update
2013-01-24 00:00:00
veracode
veracode
Information Disclosure
2019-05-02 04:46:22
Plaintext Weak Encryption
2019-05-02 04:46:04
Privilege Escalation
2019-05-02 04:46:55
fireeye
fireeye
Think Fast: Time Between Disclosure, Patch Release and Vulnerability Exploitation — Intelligence for Vulnerability Management, Part Two
2020-04-13 00:00:00

8.2 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.058 Low

EPSS

Percentile

93.2%

JSON
Related for PRION:CVE-2012-0874
securityvulns2checkpoint_advisories1seebug1cve2nessus8openvas1attackerkb1prion1threatpost1redhat8veracode8fireeye1