The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user’s password to be used.
CPE | Name | Operator | Version |
---|---|---|---|
jboss_enterprise_application_platform | eq | 5.2.0 | |
jboss_enterprise_brms_platform | le | 5.3.0 | |
jboss_enterprise_web_platform | eq | 5.2.0 |
rhn.redhat.com/errata/RHSA-2013-0191.html
rhn.redhat.com/errata/RHSA-2013-0192.html
rhn.redhat.com/errata/RHSA-2013-0193.html
rhn.redhat.com/errata/RHSA-2013-0194.html
rhn.redhat.com/errata/RHSA-2013-0195.html
rhn.redhat.com/errata/RHSA-2013-0196.html
rhn.redhat.com/errata/RHSA-2013-0197.html
rhn.redhat.com/errata/RHSA-2013-0198.html
rhn.redhat.com/errata/RHSA-2013-0221.html
rhn.redhat.com/errata/RHSA-2013-0533.html
secunia.com/advisories/51984
secunia.com/advisories/52054
securitytracker.com/id?1028042
www.securityfocus.com/bid/57547
bugzilla.redhat.com/show_bug.cgi?id=836451
exchange.xforce.ibmcloud.com/vulnerabilities/81512