In JBoss EAP 6 a security domain is configured to use a cache that is shared between all applications that are in the security domain. This could allow an authenticated user in one application to access protected resources in another application without proper authorization. Although this is an intended functionality, it was not clearly documented which can mislead users into thinking that a security domain cache is isolated to a single application.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/cve-2014-0169 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0169 | Issue Tracking Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2020-01-02T19:09:51
Updated: 2020-01-02T19:09:51
Reserved: 2013-12-03T00:00:00
Link: CVE-2014-0169
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-01-02T20:15:16.663
Modified: 2020-01-14T17:17:49.807
Link: CVE-2014-0169
JSON object: View
Redhat Information
No data.
CWE