Vulnerabilities > CVE-2007-1354 - Unspecified vulnerability in Jboss Application Server
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user, which allows remote authenticated administrators to trigger a race condition and gain privileges by logging in during a session by a more privileged administrator, as demonstrated by privilege escalation from Read Mode to Write Mode.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 6 |
Redhat
| advisories |
|
References
- http://jira.jboss.com/jira/browse/ASPATCH-172
- http://jira.jboss.com/jira/browse/ASPATCH-172
- http://jira.jboss.com/jira/browse/ASPATCH-175
- http://jira.jboss.com/jira/browse/ASPATCH-175
- http://osvdb.org/46765
- http://osvdb.org/46765
- http://rhn.redhat.com/errata/RHSA-2007-0151.html
- http://rhn.redhat.com/errata/RHSA-2007-0151.html
- http://www.redhat.com/archives/jboss-watch-list/2007-April/msg00000.html
- http://www.redhat.com/archives/jboss-watch-list/2007-April/msg00000.html