Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:60522
HistoryDec 21, 2012 - 12:00 a.m.

JBoss Enterprise Application Platform 安全绕过漏洞(CVE-2012-4549)

2012-12-2100:00:00
Root
www.seebug.org
17

0.002 Low

EPSS

Percentile

56.1%

JSON

Bugtraq ID:56990
CVE ID:CVE-2012-4549

JBOSS是一个基于J2EE的开放源代码的应用服务器。
在不允许任何角色调用EJB方法时,需要拒绝所有用户的调用。当允许角色列表为空时,org.jboss.as.ejb3.security.AuthorizationInterceptor中的processInvocation()方法不正确授权方法调用,允许攻击者绕过安全限制执行未授权操作。
0
JBoss Enterprise Application Platform 6
厂商解决方案

JBoss Enterprise Application Platform 6.0.1已经修复此漏洞,建议用户下载使用:
http://www.jboss.com/products/platforms/application/

Related

prion 1
nvd 1
cve 1
ubuntucve 1
cvelist 1
redhat 3
veracode 4
nessus 2
prion
prion
Input validation
2013-01-05 00:55:00
nvd
nvd
CVE-2012-4549
2013-01-05 00:55:02
cve
cve
CVE-2012-4549
2013-01-05 00:55:02
ubuntucve
ubuntucve
CVE-2012-4549
2013-01-05 00:00:00
cvelist
cvelist
CVE-2012-4549
2013-01-05 00:00:00
redhat
redhat
(RHSA-2012:1592) Important: JBoss Enterprise Application Platform 6.0.1 update
2012-12-18 00:00:00
(RHSA-2012:1591) Important: JBoss Enterprise Application Platform 6.0.1 update
2012-12-18 00:00:00
(RHSA-2012:1594) Important: JBoss Enterprise Application Platform 6.0.1 update
2012-12-18 00:00:00
veracode
veracode
Access Restriction Bypass
2019-05-02 04:43:29
Access Restriction Bypass
2019-05-02 04:43:22
Cross Site Scripting (XSS)
2019-05-02 04:42:42
nessus
nessus
RHEL 6 : JBoss EAP (RHSA-2012:1592)
2013-01-24 00:00:00
RHEL 5 : JBoss EAP (RHSA-2012:1591)
2013-01-24 00:00:00

0.002 Low

EPSS

Percentile

56.1%

JSON
Related for SSV:60522
prion1nvd1cve1ubuntucve1cvelist1redhat3veracode4nessus2