Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 818837 - (CVE-2012-2312) CVE-2012-2312 JBoss AS 7: Security Context Propagation - When re-using thread from thread pool, security context also gets re-used
CVE-2012-2312 JBoss AS 7: Security Context Propagation - When re-using thread...
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20120430,repor...
: Security
Depends On: 820451
Blocks: 818838
  Show dependency treegraph
 
Reported: 2012-05-04 03:01 EDT by Arun Babu Neelicattu
Modified: 2015-02-15 16:51 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-07-31 00:51:58 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Arun Babu Neelicattu 2012-05-04 03:01:25 EDT 
Security context propagation was not properly implemented. As a result, when a thread gets re-used from the thread pool, it still retains the security context from the process that last used it. The new security context is not properly propagated, and hence the previous security context will be in effect. A local attacker can use this flaw to escalate privileges in a malicious application deployed to the JBoss server.
Comment 1 David Jorm 2012-05-04 03:16:24 EDT 
This issue only affects JBoss AS 7.1.0, 7.1.1 and EAP 6 Beta.
Comment 2 David Jorm 2012-05-07 23:23:43 EDT 
Upstream bug: https://issues.jboss.org/browse/JBPAPP-8863
Comment 4 David Jorm 2012-06-14 03:29:39 EDT 
Statement:

This flaw does not affect any Red Hat JBoss products, it only affects the JBoss AS 7 community releases.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.