Red Hat Bugzilla – Bug 818837
CVE-2012-2312 JBoss AS 7: Security Context Propagation - When re-using thread from thread pool, security context also gets re-used
Last modified: 2015-02-15 16:51:15 EST
Security context propagation was not properly implemented. As a result, when a thread gets re-used from the thread pool, it still retains the security context from the process that last used it. The new security context is not properly propagated, and hence the previous security context will be in effect. A local attacker can use this flaw to escalate privileges in a malicious application deployed to the JBoss server.
This issue only affects JBoss AS 7.1.0, 7.1.1 and EAP 6 Beta.
Upstream bug: https://issues.jboss.org/browse/JBPAPP-8863
This flaw does not affect any Red Hat JBoss products, it only affects the JBoss AS 7 community releases.