Bug 1052783 (CVE-2014-0018)
| Summary: | CVE-2014-0018 jboss-as-server: Unchecked access to MSC Service Registry under JSM | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Arun Babu Neelicattu <aneelica> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | anil.saldhana, bdawidow, chazlett, epp-bugs, fnasser, grocha, huwang, jcoleman, jdg-bugs, jpallich, kconner, kejohnso, lgao, mjc, myarboro, pcheung, rhq-maint, soa-p-jira, spinder, theute, ttarrant, weli |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: |
In Red Hat JBoss Enterprise Application Platform, when running under a security manager, it was possible for deployed code to get access to the Modular Service Container (MSC) service registry without any permission checks. This could allow malicious deployments to modify the internal state of the server in various ways.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-06-08 02:31:14 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1051751, 1052141, 1052785, 1052790, 1052791, 1052792, 1075479 | ||
| Bug Blocks: | 1050810, 1082931, 1082938, 1141957, 1145284, 1159080 | ||
|
Description
Arun Babu Neelicattu
2014-01-14 03:55:44 UTC
Acknowledgement: This issue was discovered by Stuart Douglas of Red Hat. This issue has been addressed in following products: Red Hat JBoss Enterprise Application Platform 6.2.1 Via RHSA-2014:0172 https://rhn.redhat.com/errata/RHSA-2014-0172.html This issue has been addressed in following products: JBEAP 6 for RHEL 6 JBEAP 6.2 for RHEL 6 Via RHSA-2014:0171 https://rhn.redhat.com/errata/RHSA-2014-0171.html This issue has been addressed in following products: JBEAP 6 for RHEL 5 JBEAP 6.2 for RHEL 5 Via RHSA-2014:0170 https://rhn.redhat.com/errata/RHSA-2014-0170.html This issue has been addressed in the following products: Red Hat JBoss BPM Suite 6.0.3 Via RHSA-2014:1291 https://rhn.redhat.com/errata/RHSA-2014-1291.html This issue has been addressed in the following products: Red Hat JBoss BRMS 6.0.3 Via RHSA-2014:1290 https://rhn.redhat.com/errata/RHSA-2014-1290.html This issue has been addressed in the following products: JBoss Fuse Service Works 6.0.0 Via RHSA-2014:1995 https://rhn.redhat.com/errata/RHSA-2014-1995.html This issue has been addressed in the following products: JBoss Portal 6.2.0 Via RHSA-2015:1009 https://rhn.redhat.com/errata/RHSA-2015-1009.html |