2 matches found
JBoss Enterprise Application Platform/JBoss Enterprise Web Platform Security Bypass Vulnerability
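CVE ID: CVE-2012-1167 JBoss is an open-source application server based on J2EE. Red Hat has released an update for JBoss Enterprise Application Platform and JBoss Enterprise Web Platform that fixes a security issue allowing some security restrictions to be bypassed. An error in the WebPermissionMapping class when creating permissions can be exploited to gain access to restricted applications. Successful exploitation requires the JBoss server to be configured to use JaccAuthorizationRealm, with ignoreBaseDecision set to true on JBossWebRealm. 0...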
Moderate: Red Hat Security Advisory: jbossas security update
An update for JBoss Enterprise Application Platform 5.1.2 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which give...