QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2012-1167

Back to search

CVE-2012-1167

Published: Nov 23, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

The JBoss Server in JBoss Enterprise Application Platform 5.1.x before 5.1.2 and 5.2.x before 5.2.2, Web Platform before 5.1.2, BRMS Platform before 5.3.0, and SOA Platform before 5.3.0, when the server is configured to use the JaccAuthorizationRealm and the ignoreBaseDecision property is set to true on the JBossWebRealm, does not properly check the permissions created by the WebPermissionMapping class, which allows remote authenticated users to access arbitrary applications.

VendorProductVersions

n/a

n/a

affected
n/a

References

RHSA-2012:1028
vendor-advisory
x_refsource_REDHAT
49658
third-party-advisory
x_refsource_SECUNIA
49635
third-party-advisory
x_refsource_SECUNIA
RHSA-2012:1027
vendor-advisory
x_refsource_REDHAT
RHSA-2012:1013
vendor-advisory
x_refsource_REDHAT
jboss-jacc-security-bypass(76680)
vdb-entry
x_refsource_XF
RHSA-2012:1026
vendor-advisory
x_refsource_REDHAT
50549
third-party-advisory
x_refsource_SECUNIA
RHSA-2012:1014
vendor-advisory
x_refsource_REDHAT
54089
vdb-entry
x_refsource_BID
1027501
vdb-entry
x_refsource_SECTRACK
RHSA-2012:1232
vendor-advisory
x_refsource_REDHAT
RHSA-2012:1125
vendor-advisory
x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now