Lucene search
RootSSV:60611HistoryJan 30, 2013 - 12:00 a.m.
JBoss Enterprise Application Platform SecurityAssociation.getCredential() 安全绕过漏洞
2013-01-3000:00:00
Root
www.seebug.org
9
0.009 Low
EPSS
Percentile
81.4%
BUGTRAQ ID: 57550
CVE(CAN) ID: CVE-2012-3370
JBoss企业应用平台(JBoss Enterprise Application Platform,EAP)是J2EE应用的中间件平台。
JBoss Enterprise Application Platform,如果没有提供安全上下文给SecurityAssociation.getCredential(),则其会返回之前的凭证。根据配置的应用,可允许远程攻击者劫持之前经过身份验证的用户凭证。
0
JBoss Group JBoss Enterprise Web Platform for RHEL 5 Server 5
JBoss Group JBoss Enterprise Web Platform for RHEL 4ES 5
JBoss Group JBoss Enterprise Web Platform for RHEL 4AS 5
厂商补丁:
JBoss Group
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Related
prion
prion
Design/Logic Flaw
2013-02-05 23:55:00
cve
cve
CVE-2012-3370
2013-02-05 23:55:00
redhat
redhat
(RHSA-2013:0221) Important: JBoss Enterprise BRMS Platform 5.3.1 update
2013-01-31 00:00:00
(RHSA-2013:0533) Important: JBoss Enterprise SOA Platform 5.3.1 update
2013-02-20 00:00:00
(RHSA-2013:0198) Important: JBoss Enterprise Web Platform 5.2.0 update
2013-01-24 00:00:00
veracode
veracode
Privilege Escalation
2019-05-02 04:46:48
Cross Site Scripting (XSS)
2019-05-02 04:46:17
Privilege Escalation
2019-05-02 04:46:47
nessus
nessus
RHEL 4 : JBoss EWP (RHSA-2013:0197)
2014-11-08 00:00:00
RHEL 4 : JBoss EAP (RHSA-2013:0193)
2013-01-24 00:00:00
RHEL 6 : JBoss EAP (RHSA-2013:0191)
2013-01-24 00:00:00