Security Bypass Vulnerability in Red Hat JBoss Enterprise Application Platform
Severity Rating: Medium
Systems Affected
• JBoss Enterprise Application Platform 6.x
Overview
A vulnerability has been reported in Red Hat JBoss Enterprise Application Platform which could be exploited by a remote attacker to bypass certain security restrictions.
Description
The Java Security Manager (JSM) in JBoss EAP fails to properly apply the permissions defined in a policy file. Because the permissions are applied improperly, java.security.AllPermission is granted to all applications, which could allow remote attackers to bypass security restrictions.
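One way to check, from inside a deployed application, whether the policy file is actually being enforced. This is an added example, not code from Red Hat or from the advisory; the class name `JsmPolicyCheck` and the probed permissions are assumptions, so substitute permissions that your own policy file withholds.

```java
import java.io.FilePermission;
import java.security.AccessControlException;
import java.security.AccessController;
import java.security.AllPermission;
import java.security.Permission;
import java.security.ProtectionDomain;

/** Hypothetical helper: call report() from code deployed in the application under test. */
public final class JsmPolicyCheck {

    // Constructed probes: permissions a restrictive policy file should NOT grant
    // to an ordinary deployment. Replace with ones your own policy withholds.
    private static final Permission[] PROBES = {
        new AllPermission(),
        new RuntimePermission("setSecurityManager"),
        new RuntimePermission("createClassLoader"),
        new FilePermission("/etc/passwd", "write")
    };

    /** True if the current call stack is denied the permission. */
    static boolean denied(Permission p) {
        try {
            AccessController.checkPermission(p);
            return false;
        } catch (AccessControlException e) {
            return true;
        }
    }

    /** Builds a report; an OVER-PRIVILEGED line means the policy is not being applied. */
    public static String report() {
        if (System.getSecurityManager() == null) {
            return "No security manager installed: policy file is not in effect.\n";
        }
        StringBuilder out = new StringBuilder();
        ProtectionDomain pd = JsmPolicyCheck.class.getProtectionDomain();
        out.append("Code source: ").append(pd.getCodeSource()).append('\n');
        // Covers both the domain's static permissions and those bound by the policy.
        out.append(pd.implies(new AllPermission())
                ? "OVER-PRIVILEGED: domain implies AllPermission\n"
                : "ok: domain does not imply AllPermission\n");
        for (Permission p : PROBES) {
            out.append(denied(p) ? "ok: denied " : "OVER-PRIVILEGED: granted ")
               .append(p).append('\n');
        }
        return out.toString();
    }
}
```

Run it with the security manager enabled and a policy file that does not grant the probed permissions to the deployment; every line should read `ok`.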
Solution
Update to version 6.2.2
https://access.redhat.com/jbossnetwo...&version=6.2.0
Vendor Information
Red Hat
https://rhn.redhat.com/errata/RHSA-2014-0343.html
https://rhn.redhat.com/errata/RHSA-2014-0344.html
https://rhn.redhat.com/errata/RHSA-2014-0345.html
References
Red Hat
https://rhn.redhat.com/errata/RHSA-2014-0343.html
https://rhn.redhat.com/errata/RHSA-2014-0344.html
https://rhn.redhat.com/errata/RHSA-2014-0345.html
https://bugzilla.redhat.com/show_bug...=CVE-2014-0093
SecureList
http://www.securelist.com/en/advisories/57675
Secunia
http://secunia.com/advisories/57675