The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) prior to 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain sensitive information by leveraging access to the security-domain attribute.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat jboss operations network 3.3.1 |
||
redhat jboss enterprise application platform |