The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote attackers to gain privileges as other users.
References
Link | Resource |
---|---|
http://rhn.redhat.com/errata/RHSA-2013-0191.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2013-0192.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2013-0193.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2013-0194.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2013-0195.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2013-0196.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2013-0197.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2013-0198.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2013-0221.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2013-0533.html | |
http://secunia.com/advisories/51984 | Vendor Advisory |
http://secunia.com/advisories/52054 | Vendor Advisory |
http://securitytracker.com/id?1028042 | |
http://www.osvdb.org/89581 | |
http://www.securityfocus.com/bid/57550 | |
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=836456 | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/81513 | |
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2013-02-05T23:11:00
Updated: 2017-08-28T12:57:01
Reserved: 2012-06-14T00:00:00
Link: CVE-2012-3370
NVD Information
Status: Modified
Published: 2013-02-05T23:55:01.490
Modified: 2017-08-29T01:31:54.757
Link: CVE-2012-3370
CWE