CVE-2012-4550

JBoss Enterprise Application Platform aka JBoss EAP or JBEAP before 6.0.1, when using role-based authorization for Enterprise Java Beans EJB access, does not call the intended authorization modules, which prevents JACC permissions from being applied and allows remote attackers to obtain access to...

CVE-2012-4550

A flaw was found in JBoss Enterprise Application Platform. When role-based authorization is used for Enterprise Java Beans EJB access, the system does not correctly call the necessary authorization modules. This prevents Java Authorization Contract for Containers JACC permissions from being...

JBoss Enterprise Application Platform安全绕过漏洞

CVE ID:CVE-2012-4550 JBOSS是一个基于J2EE的开放源代码的应用服务器。 当使用基于角色的授权用于Enterprise Java Beans EJB访问时，必须使用JACC权限来判断访问；但是存在一个安全漏洞没有调用配置的授权模块JACC, XACML等，使得JACC权限没有用来判断EJB访问，允许远程攻击者获得对EJB的未授权访问。 0 JBoss Enterprise Application Platform 即JBoss EAP或JBEAP 6.0.1之前版本 厂商解决方案 JBoss Enterprise Application Platform...

CVE-2012-4550

CVE-2012-4550 affects Red Hat/JBoss EAP 6.x up to 6.0.1 where, during EJB access, the configured authorization modules (JACC/XACML) were not invoked, preventing JACC permissions from being enforced and allowing remote access to an EJB. The issue is mitigated by updating to JBoss EAP 6.0.1 (RHSA-2...

Important: Red Hat Security Advisory: JBoss Enterprise Application Platform 6.0.1 update

JBoss Enterprise Application Platform 6.0.1, which fixes multiple security issues, various bugs, and adds enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring...