CVE-2007-1354
CVE-2007-1354 is a vulnerability of currently unknown severity. The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user, which allows remote authenticated administrators to trigger a race condition and gain privileges by logging in during a session by a more privileged administrator, as demonstrated by privilege escalation from Read Mode to Write Mode. EPSS estimates a 1.49% chance of exploitation in the next 30 days.
Description
The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user, which allows remote authenticated administrators to trigger a race condition and gain privileges by logging in during a session by a more privileged administrator, as demonstrated by privilege escalation from Read Mode to Write Mode.
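The pattern the description names (per-user roles kept in a member variable of a filter instance that serves every request) next to the corrected pattern, as an added example. This is not JBoss source code: the class names, the `mayWrite` signature and the role strings are hypothetical, and the interleaving is forced with `join()` so the outcome is repeatable.

```java
import java.util.Set;

// Hypothetical stand-ins, not the JBoss JMXOpsAccessControlFilter source.
public class SharedFilterStateDemo {

    // Models a filter: the container creates ONE instance and calls it
    // from every request thread. 'pause' marks the gap between role
    // lookup and the access decision.
    interface AccessFilter {
        boolean mayWrite(Set<String> callerRoles, Runnable pause);
    }

    // Flawed pattern: the caller's roles are kept in an instance field.
    static class MemberVariableFilter implements AccessFilter {
        private Set<String> roles; // shared by all concurrent requests

        public boolean mayWrite(Set<String> callerRoles, Runnable pause) {
            roles = callerRoles;            // store this caller's roles
            pause.run();                    // another request may run here
            return roles.contains("write"); // may read another caller's roles
        }
    }

    // Corrected pattern: roles live in a local variable, private to the call.
    static class LocalVariableFilter implements AccessFilter {
        public boolean mayWrite(Set<String> callerRoles, Runnable pause) {
            Set<String> roles = callerRoles;
            pause.run();
            return roles.contains("write");
        }
    }

    // Forced interleaving: a read-only request stores its roles, a write-mode
    // request passes through the same filter, then the read-only request
    // reaches its access decision.
    static boolean readOnlyCallerGetsWrite(AccessFilter f) {
        Thread admin = new Thread(() -> f.mayWrite(Set.of("read", "write"), () -> {}));
        return f.mayWrite(Set.of("read"), () -> {
            admin.start();
            try { admin.join(); } catch (InterruptedException e) { Thread.currentThread().interrupt(); }
        });
    }

    public static void main(String[] args) {
        System.out.println("member variable filter: " + readOnlyCallerGetsWrite(new MemberVariableFilter()));
        System.out.println("local variable filter:  " + readOnlyCallerGetsWrite(new LocalVariableFilter()));
    }
}
```

When reviewing filters or servlets for this class of bug, any non-final instance field assigned inside the request-handling method is the thing to look for.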
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| JBoss | JBoss Application Server | 4.0.2.ga_cp02 |
| JBoss | JBoss Application Server | 4.0.2.ga_cp03 |
| JBoss | JBoss Application Server | 4.0.2.ga_cp04 |
| JBoss | JBoss Application Server | 4.0.5.ga |
| JBoss | JBoss Application Server | 4.0.5_cp01 |
| JBoss | JBoss Application Server | 4.0.5_cp02 |
Timeline
- Status: Modified
Source: NVD / NIST
