13 matches found
EUVD-2019-13503
Malware in sbrugna...
CVE-2022-0866
This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field is used by the...
Design/Logic Flaw
This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field is used by the...
CVE-2019-3894
It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem stores a SecurityIdentity to run the thread with that security identity. As these threads do not necessarily terminate if the 'keep alive' time has not expired, this could allow a shared thread to use the wrong securit...
RHEL 6 : Red Hat JBoss Enterprise Application Platform 7.2.1 on RHEL 6 (RHSA-2019:1107)
The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:1107 advisory. Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on JBoss Application Server 7. This release of Red...
wildfly: wrong SecurityIdentity for EE concurrency threads that are reused
It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem stores a SecurityIdentity to run the thread with that security identity. As these threads do not necessarily terminate if the 'keep alive' time has not expired, this could allow a shared thread to use the wrong securit...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.1 on RHEL 7 security update
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.2.1 on RHEL 6 security update
An update is now available for Red Hat JBoss Enterprise Application Platform 7.2 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...
wildfly: wrong SecurityIdentity for EE concurrency threads that are reused
It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem stores a SecurityIdentity to run the thread with that security identity. As these threads do not necessarily terminate if the 'keep alive' time has not expired, this could allow a shared thread to use the wrong securit...
CVE-2019-3894
It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if the keep alive time has not expired. This could allow a shared thread to use the wrong security...
Code injection
It was discovered that the ElytronManagedThread in Wildfly's Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if the keep alive time has not expired. This could allow a shared thread to use the wrong security...
CVE-2019-3894
Affected software: WildFly Elytron subsystem. Vulnerable component: ElytronManagedThread that stores a SecurityIdentity for the thread. Root cause: threads may not terminate after keep-alive time, enabling a shared thread to run with the wrong security identity. Impact: potential confidentiality,...
Authorization Bypass
wildfly-ee is vulnerable to authorization bypass. The vulnerability exists as an incorrect SecurityIdentity for wildfly-ee concurrency could be used when a ElytronManagedThread that uses a different SecurityIdentity does not terminate from its previous thread and executes a new job...