Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.0
CVE Id CVE-2014-7853
Last Modified 11 May 2015 10:01:53
Published 13 Feb 2015 10:59:06
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2014-7853

Summary

The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain sensitive information by leveraging access to the security-domain attribute.

Vulnerable Systems

Application

  • Red Hat JBoss Enterprise Application Platform 6.3.2


References

SECTRACK - 1031741

REDHAT - RHSA-2015:0218

REDHAT - RHSA-2015:0217

REDHAT - RHSA-2015:0216

REDHAT - RHSA-2015:0215

XF - redhat-jboss-cve20147853-info-disc(100891)

REDHAT - RHSA-2015:0920


Last Updated: 27 May 2016 10:56:47