CVE-2012-1167 — Vulnetix

Try Vulnetix Request Demo

CVE-2012-1167 PUBLISHED

Reported by redhat · Published November 23, 2012

The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to true on the JBossWebRealm, does not properly check the permissions created by the WebPermissionMapping class, which allows remote authenticated users to access arbitrary applications.

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
n/a	n/a	n/a

Timeline

Nov 23, 2012 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 3, 2023 EPSS Score
Feb 4, 2023 EPSS Score
Feb 13, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score

References

x_refsource_MISC
RHSA-2012:1028 vendor-advisoryx_refsource_REDHAT
49658 third-party-advisoryx_refsource_SECUNIA
49635 third-party-advisoryx_refsource_SECUNIA
RHSA-2012:1027 vendor-advisoryx_refsource_REDHAT
RHSA-2012:1013 vendor-advisoryx_refsource_REDHAT
jboss-jacc-security-bypass(76680) vdb-entryx_refsource_XF
RHSA-2012:1026 vendor-advisoryx_refsource_REDHAT
50549 third-party-advisoryx_refsource_SECUNIA
RHSA-2012:1014 vendor-advisoryx_refsource_REDHAT
54089 vdb-entryx_refsource_BID
1027501 vdb-entryx_refsource_SECTRACK
RHSA-2012:1232 vendor-advisoryx_refsource_REDHAT
RHSA-2012:1125 vendor-advisoryx_refsource_REDHAT

Open in Interactive Console →