CVE Reference: CVE-2012-3370

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2012-3370

Description:
The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote attackers to gain privileges as other users.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/81513

ST
  1028042

SAID
  Secunia Advisory: SA51984
  Secunia Advisory: SA52054

REDHAT
  http://rhn.redhat.com/errata/RHSA-2013-0533.html
  http://rhn.redhat.com/errata/RHSA-2013-0221.html
  http://rhn.redhat.com/errata/RHSA-2013-0198.html
  http://rhn.redhat.com/errata/RHSA-2013-0197.html
  http://rhn.redhat.com/errata/RHSA-2013-0196.html
  http://rhn.redhat.com/errata/RHSA-2013-0195.html
  http://rhn.redhat.com/errata/RHSA-2013-0194.html
  http://rhn.redhat.com/errata/RHSA-2013-0193.html
  http://rhn.redhat.com/errata/RHSA-2013-0192.html
  http://rhn.redhat.com/errata/RHSA-2013-0191.html

OSVDB
  89581

MISC

BID
  57550


Return to the previous page.