Bug 1070046 (CVE-2014-0093)
Summary: | CVE-2014-0093 JBoss EAP 6: JSM policy not respected by deployed applications
---|---
Product: | [Other] Security Response
Component: | vulnerability
Reporter: | Arun Babu Neelicattu <aneelica>
Assignee: | Red Hat Product Security <security-response-team>
Status: | CLOSED ERRATA
Severity: | medium
Priority: | medium
Version: | unspecified
Hardware: | All
OS: | Linux
Keywords: | Security
CC: | anil.saldhana, arubin, bdawidow, cdewolf, chazlett, epp-bugs, fnasser, grocha, huwang, jawilson, jcoleman, jdg-bugs, jkudrnac, jpallich, kconner, kejohnso, lgao, mjc, myarboro, pcheung, pgier, pslavice, rhq-maint, rsvoboda, soa-p-jira, spinder, theute, ttarrant, vtunka, weli
Doc Type: | Bug Fix
Doc Text: | It was found that Java Security Manager permissions configured via a policy file were not properly applied, causing all deployed applications to be granted the java.security.AllPermission permission. In certain cases, an attacker could use this flaw to circumvent expected security measures to perform actions which would otherwise be restricted.
Last Closed: | 2019-06-08 02:31:49 UTC
Bug Depends On: | 1070048, 1070049, 1070050, 1071100, 1071101, 1071102, 1071103, 1115372
Bug Blocks: | 1070108, 1070622, 1082938, 1141957, 1145284, 1159080

Description
Arun Babu Neelicattu
2014-02-26 07:02:20 UTC
Acknowledgements: This issue was discovered by Josef Cacek of the Red Hat JBoss EAP Quality Engineering team.

This issue has been addressed in following products:

  Red Hat JBoss Enterprise Application Platform 6.2.2

Via RHSA-2014:0345 https://rhn.redhat.com/errata/RHSA-2014-0345.html

This issue has been addressed in following products:

  JBEAP 6.2 for RHEL 5
  JBEAP 6 for RHEL 5

Via RHSA-2014:0343 https://rhn.redhat.com/errata/RHSA-2014-0343.html

This issue has been addressed in following products:

  JBEAP 6.2 for RHEL 6
  JBEAP 6 for RHEL 6

Via RHSA-2014:0344 https://rhn.redhat.com/errata/RHSA-2014-0344.html

This issue has been addressed in the following products:

  Red Hat JBoss BPM Suite 6.0.3

Via RHSA-2014:1291 https://rhn.redhat.com/errata/RHSA-2014-1291.html

This issue has been addressed in the following products:

  Red Hat JBoss BRMS 6.0.3

Via RHSA-2014:1290 https://rhn.redhat.com/errata/RHSA-2014-1290.html

This issue has been addressed in the following products:

  JBoss Fuse Service Works 6.0.0

Via RHSA-2014:1995 https://rhn.redhat.com/errata/RHSA-2014-1995.html

This issue has been addressed in the following products:

  JBoss Portal 6.2.0

Via RHSA-2015:1009 https://rhn.redhat.com/errata/RHSA-2015-1009.html