Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:60556
HistoryJan 05, 2013 - 12:00 a.m.

JBoss Enterprise Application Platform安全绕过漏洞

2013-01-0500:00:00
Root
www.seebug.org
34

0.003 Low

EPSS

Percentile

67.9%

JSON

CVE ID:CVE-2012-4550

JBOSS是一个基于J2EE的开放源代码的应用服务器。

当使用基于角色的授权用于Enterprise Java Beans (EJB)访问时,必须使用JACC权限来判断访问;但是存在一个安全漏洞没有调用配置的授权模块(JACC, XACML等),使得JACC权限没有用来判断EJB访问,允许远程攻击者获得对EJB的未授权访问。
0
JBoss Enterprise Application Platform (即JBoss EAP或JBEAP) 6.0.1之前版本
厂商解决方案

JBoss Enterprise Application Platform 6.0.1已经修复此漏洞,建议用户下载使用:
https://rhn.redhat.com/errata/RHSA-2012-1594.html

Related

prion 1
ubuntucve 1
cve 1
nessus 2
veracode 4
redhat 3
prion
prion
Authorization
2013-01-05 00:55:00
ubuntucve
ubuntucve
CVE-2012-4550
2013-01-05 00:00:00
cve
cve
CVE-2012-4550
2013-01-05 00:55:00
nessus
nessus
RHEL 5 : JBoss EAP (RHSA-2012:1591)
2013-01-24 00:00:00
RHEL 6 : JBoss EAP (RHSA-2012:1592)
2013-01-24 00:00:00
veracode
veracode
Information Disclosure
2019-05-02 04:42:36
Access Restriction Bypass
2019-05-02 04:43:22
Cross Site Scripting (XSS)
2019-05-02 04:42:42
redhat
redhat
(RHSA-2012:1591) Important: JBoss Enterprise Application Platform 6.0.1 update
2012-12-18 00:00:00
(RHSA-2012:1592) Important: JBoss Enterprise Application Platform 6.0.1 update
2012-12-18 00:00:00
(RHSA-2012:1594) Important: JBoss Enterprise Application Platform 6.0.1 update
2012-12-18 00:00:00

0.003 Low

EPSS

Percentile

67.9%

JSON
Related for SSV:60556
prion1ubuntucve1cve1nessus2veracode4redhat3