Red Hat JBoss Enterprise Application Platform (EAP) prior to 6.1.0 and JBoss Portal prior to 6.1.0 does not load the implementation of a custom authorization module for a new application when an implementation is already loaded and the modules share class names, which allows local users to control certain applications' authorization decisions via a crafted application.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
redhat jboss enterprise application platform 5.1.1 |
||
redhat jboss enterprise application platform 5.2.0 |
||
redhat jboss enterprise application platform 5.1.2 |
||
redhat jboss enterprise application platform 5.2.1 |
||
redhat jboss enterprise application platform 4.2.0 |
||
redhat jboss enterprise application platform 4.3.0 |
||
redhat jboss enterprise application platform 5.0.1 |
||
redhat jboss enterprise application platform 6.0.0 |
||
redhat jboss enterprise application platform 5.0.0 |
||
redhat jboss enterprise application platform 5.1.0 |
||
redhat jboss enterprise application platform 5.2.2 |
||
redhat jboss enterprise application platform |
||
redhat jboss enterprise portal platform 4.3.0 |
||
redhat jboss enterprise portal platform 5.0.0 |
||
redhat jboss enterprise portal platform 5.0.1 |
||
redhat jboss enterprise portal platform 5.1.0 |
||
redhat jboss enterprise portal platform 5.2.0 |
||
redhat jboss enterprise portal platform 5.2.2 |
||
redhat jboss enterprise portal platform |
||
redhat jboss enterprise portal platform 5.1.1 |
||
redhat jboss enterprise portal platform 5.2.1 |
Vulmon