Bug 1169237 (CVE-2014-8122)

Summary: CVE-2014-8122 JBoss Weld: Limited information disclosure via stale thread state
Product: [Other] Security Response Reporter: Arun Babu Neelicattu <aneelica>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: bdawidow, cdewolf, chazlett, dandread, darran.lofthouse, dstahl, grocha, hfnukal, jawilson, jcoleman, jharting, jpallich, jrusnack, jshepherd, kconner, kejohnso, lgao, maschmid, mkouba, mweiler, myarboro, pavelp, pgier, pmuir, pslavice, rsvoboda, rzhang, sdouglas, security-response-team, slaskawi, spinder, theute, ttarrant, twalsh, vtunka
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: weld-core 3.0.0.Alpha3, weld-core 2.2.8.Final Doc Type: Bug Fix
Doc Text:
It was discovered that under specific conditions the conversation state information stored in a thread-local variable in JBoss Weld was not sanitized correctly when the conversation ended. This could lead to a race condition that could potentially expose sensitive information from a previous conversation to the current conversation.
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-08-27 22:50:54 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1169246, 1169247, 1169248, 1169249, 1169250, 1169251, 1169252, 1169253, 1169254, 1169255, 1169256, 1169257, 1169258, 1169259, 1169260    
Bug Blocks: 1155350, 1168961, 1200191, 1206755, 1210482, 1217043    

Description Arun Babu Neelicattu 2014-12-01 06:19:38 UTC
It was discovered that under specific conditions the conversation state information stored in a thread local variable was not cleaned correctly when the conversation ends. This could lead to a race condition which when met could potentially expose sensitive information that was visible to the previous conversation to the current one.

Comment 3 Arun Babu Neelicattu 2014-12-01 07:07:36 UTC
Upstream Issue:

https://issues.jboss.org/browse/WELD-1802

Comment 4 Martin Prpič 2014-12-01 16:48:36 UTC
Acknowledgements:

Red Hat would like to thank Rune Steinseth of JProfessionals for reporting this issue.

Comment 6 Arun Babu Neelicattu 2015-02-10 10:38:40 UTC
Victims Record:

https://github.com/victims/victims-cve-db/blob/master/database/java/2014/8122.yaml

Comment 7 errata-xmlrpc 2015-02-11 20:07:23 UTC
This issue has been addressed in the following products:

  JBoss Enterprise Application Platform 6.3.3

Via RHSA-2015:0215 https://rhn.redhat.com/errata/RHSA-2015-0215.html

Comment 8 errata-xmlrpc 2015-02-11 20:26:47 UTC
This issue has been addressed in the following products:

  JBEAP 6.3.z for RHEL 6

Via RHSA-2015:0217 https://rhn.redhat.com/errata/RHSA-2015-0217.html

Comment 9 errata-xmlrpc 2015-02-11 20:30:55 UTC
This issue has been addressed in the following products:

  JBEAP 6.3.z for RHEL 5

Via RHSA-2015:0216 https://rhn.redhat.com/errata/RHSA-2015-0216.html

Comment 10 errata-xmlrpc 2015-02-11 21:14:56 UTC
This issue has been addressed in the following products:

  JBEAP 6.3.z for RHEL 7

Via RHSA-2015:0218 https://rhn.redhat.com/errata/RHSA-2015-0218.html

Comment 12 errata-xmlrpc 2015-03-11 16:56:01 UTC
This issue has been addressed in the following products:

JBoss Data Virtualization 6.1.0

Via RHSA-2015:0675 https://rhn.redhat.com/errata/RHSA-2015-0675.html

Comment 13 errata-xmlrpc 2015-04-01 14:49:05 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Data Grid 6.4

Via RHSA-2015:0773 https://rhn.redhat.com/errata/RHSA-2015-0773.html

Comment 17 errata-xmlrpc 2015-04-16 16:08:04 UTC
This issue has been addressed in the following products:

  JBoss BPM Suite 6.1.0

Via RHSA-2015:0851 https://rhn.redhat.com/errata/RHSA-2015-0851.html

Comment 18 errata-xmlrpc 2015-04-16 16:10:59 UTC
This issue has been addressed in the following products:

  JBoss BRMS 6.1.0

Via RHSA-2015:0850 https://rhn.redhat.com/errata/RHSA-2015-0850.html

Comment 19 errata-xmlrpc 2015-04-30 16:10:31 UTC
This issue has been addressed in the following products:

  JBoss Operations Network 3.3.2

Via RHSA-2015:0920 https://rhn.redhat.com/errata/RHSA-2015-0920.html