Vulnerabilities > CVE-2007-1354 - Remote Security vulnerability in Jboss Application Server

CVSS 6.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

jboss

NVD

Published: 2007-07-27

Updated: 2008-11-13

Summary

The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user, which allows remote authenticated administrators to trigger a race condition and gain privileges by logging in during a session by a more privileged administrator, as demonstrated by privilege escalation from Read Mode to Write Mode.

Vulnerable Configurations

Part	Description	Count
Application	Jboss Jboss Jboss Application Server 4.0.2.Ga_Cp02 Jboss Jboss Application Server 4.0.2.Ga_Cp03 Jboss Jboss Application Server 4.0.2.Ga_Cp04 Jboss Jboss Application Server 4.0.5.Ga Jboss Jboss Application Server 4.0.5_Cp01 Jboss Jboss Application Server 4.0.5_Cp02	6

Redhat

advisories

rhsa

id	RHSA-2007:0151

Summary

Vulnerable Configurations

Redhat

References