CVE-2010-2474: Input Validation
First published: Wed Jun 30 2010(Updated: )
A low impact privilege escalation flaw in the JBoss ESB component was found whereby the execution of a service with a different domain could, potentially, have resulted in the pipeline being run with different sets of credentials, (one set from the first domain if the request were still valid and a second set from the other domain if it had expired).
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Jboss Enterprise Service Bus | <=4.7 | |
| Redhat Jboss Enterprise Service Bus | =4.0 | |
| Redhat Jboss Enterprise Service Bus | =4.2 | |
| Redhat Jboss Enterprise Service Bus | =4.2.1 | |
| Redhat Jboss Enterprise Service Bus | =4.3 | |
| Redhat Jboss Enterprise Service Bus | =4.4 | |
| Redhat Jboss Enterprise Service Bus | =4.5 | |
| Redhat Jboss Enterprise Service Bus | =4.6 | |
| Redhat Jboss Enterprise Soa Platform | =4.2.0 | |
| Redhat Jboss Enterprise Soa Platform | =4.2.0-cp01 | |
| Redhat Jboss Enterprise Soa Platform | =4.2.0-cp02 | |
| Redhat Jboss Enterprise Soa Platform | =4.2.0-cp03 | |
| Redhat Jboss Enterprise Soa Platform | =4.2.0-cp04 | |
| Redhat Jboss Enterprise Soa Platform | =4.2.0-cp05 | |
| Redhat Jboss Enterprise Soa Platform | =4.2.0-tp02 | |
| Redhat Jboss Enterprise Soa Platform | =4.3.0 | |
| Redhat Jboss Enterprise Soa Platform | =4.3.0-cp01 | |
| Redhat Jboss Enterprise Soa Platform | =4.3.0-cp02 | |
| Redhat Jboss Enterprise Soa Platform | =4.3.0-cp03 | |
| Redhat Jboss Enterprise Soa Platform | =4.3.0-cp04 | |
| Redhat Jboss Enterprise Soa Platform | =5.0.0 | |
| Redhat Jboss Enterprise Soa Platform | =5.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=609442
- https://jira.jboss.org/browse/JBESB-3345
- http://secunia.com/advisories/40681
- http://www.redhat.com/docs/en-US/JBoss_SOA_Platform/5.0.2/html/5.0.2_Release_Notes/index.html
- http://secunia.com/advisories/40568
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=soaplatform&downloadType=distributions&version=5.0.2+GA
- collector/nvd-historical
- collector/nvd-index
- agent/softwarecombine
- agent/first-publish-date
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-2474
- agent/tags
- agent/event
- agent/trending
- vendor/redhat
- canonical/redhat jboss enterprise service bus
- version/redhat jboss enterprise service bus/4.7
- version/redhat jboss enterprise service bus/4.0
- version/redhat jboss enterprise service bus/4.2
- version/redhat jboss enterprise service bus/4.2.1
- version/redhat jboss enterprise service bus/4.3
- version/redhat jboss enterprise service bus/4.4
- version/redhat jboss enterprise service bus/4.5
- version/redhat jboss enterprise service bus/4.6
- canonical/redhat jboss enterprise soa platform
- version/redhat jboss enterprise soa platform/4.2.0
- version/redhat jboss enterprise soa platform/4.2.0-cp01
- version/redhat jboss enterprise soa platform/4.2.0-cp02
- version/redhat jboss enterprise soa platform/4.2.0-cp03
- version/redhat jboss enterprise soa platform/4.2.0-cp04
- version/redhat jboss enterprise soa platform/4.2.0-cp05
- version/redhat jboss enterprise soa platform/4.2.0-tp02
- version/redhat jboss enterprise soa platform/4.3.0
- version/redhat jboss enterprise soa platform/4.3.0-cp01
- version/redhat jboss enterprise soa platform/4.3.0-cp02
- version/redhat jboss enterprise soa platform/4.3.0-cp03
- version/redhat jboss enterprise soa platform/4.3.0-cp04
- version/redhat jboss enterprise soa platform/5.0.0
- version/redhat jboss enterprise soa platform/5.0.1