CVE-2012-3369
Published Feb 5, 2013
Last updated 7 years ago
Overview
- Description
- The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's password to be used.
- Source
- secalert@redhat.com
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 4.9
- Exploitability score
- 4.9
- Vector string
- AV:N/AC:H/Au:N/C:P/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-264
Social media
- Hype score
- Not currently trending
Evaluator
- Comment
- Per http://rhn.redhat.com/errata/RHSA-2013-0198.html "This JBoss Enterprise Web Platform 5.2.0 release serves as a replacement for JBoss Enterprise Web Platform 5.1.2, and includes bug fixes and enhancements." Per http://rhn.redhat.com/errata/RHSA-2013-0191.html "This JBoss Enterprise Application Platform 5.2.0 release serves as a replacement for JBoss Enterprise Application Platform 5.1.2, and includes bug fixes and enhancements."
- Impact
- -
- Solution
- -
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "38F66D5B-F906-437E-977E-F9F930648886"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "46849C8D-36E9-4E97-BB49-E04F4EB199E6"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "57FBD0FE-A84D-4707-A2DA-CB9F4920CBA8",
"versionEndIncluding": "5.3.0"
}
],
"operator": "OR"
}
]
}
]