CVE-2012-1167
PUBLISHED
Reported by redhat · Published November 23, 2012
The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to true on the JBossWebRealm, does not properly check the permissions created by the WebPermissionMapping class, which allows remote authenticated users to access arbitrary applications.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | *, n/a |
Timeline
- Nov 23, 2012 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 3, 2023 EPSS Score
- Feb 9, 2023 EPSS Score
- Feb 13, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- x_refsource_MISC
- RHSA-2012:1028 (vendor-advisory, x_refsource_REDHAT)
- 49658 (third-party-advisory, x_refsource_SECUNIA)
- 49635 (third-party-advisory, x_refsource_SECUNIA)
- RHSA-2012:1027 (vendor-advisory, x_refsource_REDHAT)
- RHSA-2012:1013 (vendor-advisory, x_refsource_REDHAT)
- jboss-jacc-security-bypass(76680) (vdb-entry, x_refsource_XF)
- RHSA-2012:1026 (vendor-advisory, x_refsource_REDHAT)
- 50549 (third-party-advisory, x_refsource_SECUNIA)
- RHSA-2012:1014 (vendor-advisory, x_refsource_REDHAT)
- 54089 (vdb-entry, x_refsource_BID)
- 1027501 (vdb-entry, x_refsource_SECTRACK)
- RHSA-2012:1232 (vendor-advisory, x_refsource_REDHAT)
- RHSA-2012:1125 (vendor-advisory, x_refsource_REDHAT)