Bug 735274 (CVE-2010-0737) - CVE-2010-0737 JBoss ON CLI privilege escalation
Summary: CVE-2010-0737 JBoss ON CLI privilege escalation
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2010-0737
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-09-02 05:24 UTC by David Jorm
Modified: 2019-09-29 12:47 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-09-02 05:53:08 UTC


Attachments (Terms of Use)

Description David Jorm 2011-09-02 05:24:12 UTC
A missing permission check was found in the JBoss Operations Network CLI, a Java shell that allows you to connect to the JBoss ON server over the command line. An unprivileged JBoss ON user could use this flaw to perform JBoss ON management tasks and configuration changes with the privileges of the administrator user.

Comment 1 David Jorm 2011-09-02 05:50:42 UTC
Statement:

This issue was fixed by a patch to JBoss Operations Network 2.3.1, available for download from the Red Hat Customer Portal: https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=1983&product=em&version=2.3.1&downloadType=securityPatches


Note You need to log in before you can comment on or make changes to this bug.