CVE-2012-4572

Impact:
Low
Public Date:
2013-05-20
Bugzilla:
872059: CVE-2012-4572 JBoss: custom authorization module implementations shared between applications

The MITRE CVE dictionary describes this issue as:

Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 does not load the implementation of a custom authorization module for a new application when an implementation is already loaded and the modules share class names, which allows local users to control certain applications' authorization decisions via a crafted application.

Find out more about CVE-2012-4572 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score 3.7
Base Metrics AV:L/AC:H/Au:N/C:P/I:P/A:P
Access Vector Local
Access Complexity High
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat JBoss Portal Platform 6.1 RHSA-2013:1437 2013-10-16
Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server RHSA-2013:0834 2013-05-20
Red Hat JBoss Enterprise Application Platform 6.1 RHSA-2013:0833 2013-05-20
Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server RHSA-2013:0839 2013-05-20

Acknowledgements

This issue was discovered by Josef Cacek of the Red Hat JBoss EAP Quality Engineering team.
Last Modified

CVE description copyright © 2017, The MITRE Corporation