PRIOn knowledge basePRION:CVE-2012-1167Input validation
6.8 Medium
AI Score
Confidence
Low
4.6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:S/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
74.7%
The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to true on the JBossWebRealm, does not properly check the permissions created by the WebPermissionMapping class, which allows remote authenticated users to access arbitrary applications.
References
rhn.redhat.com/errata/RHSA-2012-1013.html
rhn.redhat.com/errata/RHSA-2012-1014.html
rhn.redhat.com/errata/RHSA-2012-1026.html
rhn.redhat.com/errata/RHSA-2012-1027.html
rhn.redhat.com/errata/RHSA-2012-1028.html
rhn.redhat.com/errata/RHSA-2012-1125.html
rhn.redhat.com/errata/RHSA-2012-1232.html
secunia.com/advisories/49635
secunia.com/advisories/49658
secunia.com/advisories/50549
securitytracker.com/id?1027501
www.securityfocus.com/bid/54089
bugzilla.redhat.com/show_bug.cgi?id=802622
exchange.xforce.ibmcloud.com/vulnerabilities/76680
Related
6.8 Medium
AI Score
Confidence
Low
4.6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:S/C:P/I:P/A:P
0.005 Low
EPSS
Percentile
74.7%