CVE-2014-0093
It was found that Java Security Manager permissions configured via a policy file were not properly applied, causing all deployed applications to be granted the java.security.AllPermission permission. In certain cases, an attacker could use this flaw to circumvent expected security measures to perform actions which would otherwise be restricted.
Find out more about CVE-2014-0093 from the MITRE CVE dictionary dictionary and NIST NVD.
CVSS v2 metrics
| Base Score | 4 |
|---|---|
| Base Metrics | AV:N/AC:H/Au:N/C:P/I:P/A:N |
| Access Vector | Network |
| Access Complexity | High |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | Partial |
| Availability Impact | None |
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat Security Errata
| Platform | Errata | Release Date |
|---|---|---|
| Red Hat JBoss Portal 6.2 | RHSA-2015:1009 | 2015-05-14 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server | RHSA-2014:0343 | 2014-03-31 |
| Red Hat JBoss Enterprise Application Platform 6.2 | RHSA-2014:0345 | 2014-03-31 |
| Red Hat JBoss BPMS 6.0 | RHSA-2014:1291 | 2014-09-23 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server | RHSA-2014:0344 | 2014-03-31 |
| Red Hat JBoss Fuse Service Works 6.0 | RHSA-2014:1995 | 2014-12-15 |
| Red Hat JBoss BRMS 6.0 | RHSA-2014:1290 | 2014-09-23 |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat JBoss Operations Network 3 | eap | Not affected |
| Red Hat JBoss EAP 5 | server | Not affected |
| Red Hat JBoss Data Virtualization 6 | eap | Not affected |
| Red Hat JBoss Data Grid 6 | eap | Not affected |