CVE-2012-1167
CVE-2012-1167 is a vulnerability of currently unknown severity. The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to true on the JBossWebRealm, does not properly check the permissions created by the WebPermissionMapping class, which allows remote authenticated users to access arbitrary applications. EPSS estimates a 1.60% chance of exploitation in the next 30 days.
Description
The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to true on the JBossWebRealm, does not properly check the permissions created by the WebPermissionMapping class, which allows remote authenticated users to access arbitrary applications.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Jboss Enterprise Application Platform | 5.1.0 |
| Redhat | Jboss Enterprise Application Platform | 5.1.1 |
| Redhat | Jboss Enterprise Application Platform | 5.2.0 |
| Redhat | Jboss Enterprise Application Platform | 5.2.1 |
| Redhat | Jboss Enterprise Brms Platform | <= 5.2.0 |
| Redhat | Jboss Enterprise Soa Platform | <= 5.2.0 |
| Redhat | Jboss Enterprise Soa Platform | 5.0.0 |
| Redhat | Jboss Enterprise Soa Platform | 5.0.1 |
| Redhat | Jboss Enterprise Soa Platform | 5.0.2 |
| Redhat | Jboss Enterprise Soa Platform | 5.1.0 |
| Redhat | Jboss Enterprise Soa Platform | 5.1.1 |
| Redhat | Jboss Enterprise Web Platform | <= 5.1.1 |
| Redhat | Jboss Enterprise Web Platform | 5.1.0 |
References
- http://rhn.redhat.com/errata/RHSA-2012-1013.html (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2012-1014.html (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2012-1026.html (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2012-1027.html (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2012-1125.html (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2012-1232.html (Vendor Advisory)
- http://secunia.com/advisories/49635 (Vendor Advisory)
- http://secunia.com/advisories/49658 (Vendor Advisory)
- http://secunia.com/advisories/50549 (Vendor Advisory)
Source: NVD / NIST
