CVE-2012-0052: Input Validation
First published: Mon Jan 16 2012(Updated: )
If a JON agent is registered in a JON server's inventory with a given name, then any other agent can connect to the JON server and assume the identity of this registered agent simply by assuming its agent name. The JON agent key is not verified, allowing malicious JON agents to connect to the server.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Jboss Operations Network | <=2.4.1 | |
| Redhat Jboss Operations Network | =2.0.0 | |
| Redhat Jboss Operations Network | =2.0.1 | |
| Redhat Jboss Operations Network | =2.1.0 | |
| Redhat Jboss Operations Network | =2.2 | |
| Redhat Jboss Operations Network | =2.3 | |
| Redhat Jboss Operations Network | =2.3.1 | |
| Redhat Jboss Operations Network | =2.4 | |
| Redhat Jboss Operations Network | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- collector/redhat-bugzilla
- alias/CVE-2012-0052
- vendor/redhat
- canonical/redhat jboss operations network
- version/redhat jboss operations network/2.4.1
- version/redhat jboss operations network/2.0.0
- version/redhat jboss operations network/2.0.1
- version/redhat jboss operations network/2.1.0
- version/redhat jboss operations network/2.2
- version/redhat jboss operations network/2.3
- version/redhat jboss operations network/2.3.1
- version/redhat jboss operations network/2.4
- version/redhat jboss operations network/3.0