
CVE-2012-1167

Published: 23/11/2012 Updated: 29/08/2017
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
VMScore: 409
Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P

Vulnerability Summary

The JBoss Server in JBoss Enterprise Application Platform 5.1.x prior to 5.1.2 and 5.2.x prior to 5.2.2, Web Platform prior to 5.1.2, BRMS Platform prior to 5.3.0, and SOA Platform prior to 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to true on the JBossWebRealm, does not properly check the permissions created by the WebPermissionMapping class, which allows remote authenticated users to access arbitrary applications.

Vulnerable Product

redhat jboss enterprise application platform 5.1.1

redhat jboss enterprise application platform 5.1.0

redhat jboss enterprise application platform 5.2.0

redhat jboss enterprise application platform 5.2.1

redhat jboss enterprise soa platform 5.1.0

redhat jboss enterprise soa platform 5.0.2

redhat jboss enterprise soa platform 5.0.1

redhat jboss enterprise soa platform

redhat jboss enterprise soa platform 5.1.1

redhat jboss enterprise web platform 5.1.0

redhat jboss enterprise brms platform

redhat jboss enterprise web platform

redhat jboss enterprise soa platform 5.0.0

Vendor Advisories

Synopsis: Important: jbossas and jboss-naming security update. Type/Severity: Security Advisory: Important. Topic: Updated jbossas and jboss-naming packages that fix two security issues are now available for JBoss Enterprise Application Platform 512 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security R ...

Synopsis: Important: jbossas-web and jboss-naming security update. Type/Severity: Security Advisory: Important. Topic: Updated jbossas-web and jboss-naming packages that fix two security issues are now available for JBoss Enterprise Web Platform 512 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security R ...