Red Hat Bugzilla – Bug 609442
CVE-2010-2474 JBoss ESB privilege escalation in cross-domain contexts
Last modified: 2015-08-19 04:49:45 EDT
A low-impact privilege escalation flaw in the JBoss ESB component was found whereby the execution of a service with a different domain could, potentially, have resulted in the pipeline being run with different sets of credentials (one set from the first domain if the request were still valid and a second set from the other domain if it had expired).
This issue was fixed by the 5.0.2 release of the JBoss Enterprise SOA Platform, available for download from the Red Hat Customer Portal:
The JBoss Enterprise SOA Platform 5.0.2 Release Notes are available from http://www.redhat.com/docs/en-US/JBoss_SOA_Platform/5.0.2/html/5.0.2_Release_Notes/index.html