CVSS2 base score: 4.9 (Medium)
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N
JBoss AS is vulnerable to an authorization bypass. The isCallerInRole() method of SimpleSecurityManager did not correctly check caller roles. A remote, authenticated attacker could use this flaw to circumvent the caller check in applications that use blacklist-style access control based on caller roles (that is, applications that deny access when the caller holds a particular role).
rhn.redhat.com/errata/RHSA-2014-1019.html
rhn.redhat.com/errata/RHSA-2014-1020.html
rhn.redhat.com/errata/RHSA-2014-1021.html
rhn.redhat.com/errata/RHSA-2015-0720.html
www.securityfocus.com/bid/69094
access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.3/html/6.3.0_Release_Notes/index.html
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1038658
bugzilla.redhat.com/show_bug.cgi?id=1052745
bugzilla.redhat.com/show_bug.cgi?id=1053239
bugzilla.redhat.com/show_bug.cgi?id=1053245
bugzilla.redhat.com/show_bug.cgi?id=1053254
bugzilla.redhat.com/show_bug.cgi?id=1053261
bugzilla.redhat.com/show_bug.cgi?id=1053775
bugzilla.redhat.com/show_bug.cgi?id=1067505
bugzilla.redhat.com/show_bug.cgi?id=1067567
bugzilla.redhat.com/show_bug.cgi?id=1069415
bugzilla.redhat.com/show_bug.cgi?id=1071414
bugzilla.redhat.com/show_bug.cgi?id=1072567
bugzilla.redhat.com/show_bug.cgi?id=1072592
bugzilla.redhat.com/show_bug.cgi?id=1076644
bugzilla.redhat.com/show_bug.cgi?id=1076650
bugzilla.redhat.com/show_bug.cgi?id=1076653
bugzilla.redhat.com/show_bug.cgi?id=1078673
bugzilla.redhat.com/show_bug.cgi?id=1079399
bugzilla.redhat.com/show_bug.cgi?id=1079410
bugzilla.redhat.com/show_bug.cgi?id=1079414
bugzilla.redhat.com/show_bug.cgi?id=1079417
bugzilla.redhat.com/show_bug.cgi?id=1079422
bugzilla.redhat.com/show_bug.cgi?id=1079426
bugzilla.redhat.com/show_bug.cgi?id=1079431
bugzilla.redhat.com/show_bug.cgi?id=1079480
bugzilla.redhat.com/show_bug.cgi?id=1079794
bugzilla.redhat.com/show_bug.cgi?id=1079897
bugzilla.redhat.com/show_bug.cgi?id=1080388
bugzilla.redhat.com/show_bug.cgi?id=1080714
bugzilla.redhat.com/show_bug.cgi?id=1080722
bugzilla.redhat.com/show_bug.cgi?id=1080776
bugzilla.redhat.com/show_bug.cgi?id=1081266
bugzilla.redhat.com/show_bug.cgi?id=1081631
bugzilla.redhat.com/show_bug.cgi?id=1082057
bugzilla.redhat.com/show_bug.cgi?id=1084348
bugzilla.redhat.com/show_bug.cgi?id=1086793
bugzilla.redhat.com/show_bug.cgi?id=1092089
bugzilla.redhat.com/show_bug.cgi?id=1092104
bugzilla.redhat.com/show_bug.cgi?id=1102510
bugzilla.redhat.com/show_bug.cgi?id=1102513
bugzilla.redhat.com/show_bug.cgi?id=1103815
exchange.xforce.ibmcloud.com/vulnerabilities/95170