CVE-2012-0874
First published: Tue Feb 21 2012(Updated: )
The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow remote attackers to invoke MBean methods and execute arbitrary code via unspecified vectors. NOTE: this issue can only be exploited when the interceptor is not properly configured with a "second layer of authentication," or when used in conjunction with other vulnerabilities that bypass this second layer.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/aopalliance | <0:1.0-5.2.jdk6.ep5.el5 | 0:1.0-5.2.jdk6.ep5.el5 |
| redhat/apache-cxf | <0:2.2.12-6.1.patch_04.ep5.el5 | 0:2.2.12-6.1.patch_04.ep5.el5 |
| redhat/bsh2 | <0:2.0-0.b4.15.1.patch01.ep5.el5 | 0:2.0-0.b4.15.1.patch01.ep5.el5 |
| redhat/glassfish-jaxb | <0:2.1.12-12_patch_03.ep5.el5 | 0:2.1.12-12_patch_03.ep5.el5 |
| redhat/google-guice | <0:2.0-3.ep5.el5 | 0:2.0-3.ep5.el5 |
| redhat/hibernate3 | <1:3.3.2-1.5.GA_CP05.ep5.el5 | 1:3.3.2-1.5.GA_CP05.ep5.el5 |
| redhat/hibernate3-annotations | <0:3.4.0-3.3.GA_CP05.ep5.el5 | 0:3.4.0-3.3.GA_CP05.ep5.el5 |
| redhat/hibernate3-entitymanager | <0:3.4.0-4.4.GA_CP05.ep5.el5 | 0:3.4.0-4.4.GA_CP05.ep5.el5 |
| redhat/hibernate3-search | <0:3.1.1-2.4.GA_CP05.ep5.el5 | 0:3.1.1-2.4.GA_CP05.ep5.el5 |
| redhat/jacorb-jboss | <0:2.3.2-2.jboss_1.ep5.el5 | 0:2.3.2-2.jboss_1.ep5.el5 |
| redhat/javassist | <0:3.12.0-6.SP1.ep5.el5 | 0:3.12.0-6.SP1.ep5.el5 |
| redhat/jboss-aop2 | <0:2.1.6-5.CP06.ep5.el5 | 0:2.1.6-5.CP06.ep5.el5 |
| redhat/jbossas-web | <0:5.2.0-8.ep5.el5 | 0:5.2.0-8.ep5.el5 |
| redhat/jbossas-web-tp-licenses | <0:5.2.0-7.ep5.el5 | 0:5.2.0-7.ep5.el5 |
| redhat/jbossas-ws-cxf-ewp | <0:5.2.0-7.ep5.el5 | 0:5.2.0-7.ep5.el5 |
| redhat/jboss-bootstrap | <0:1.0.2-1.ep5.el5 | 0:1.0.2-1.ep5.el5 |
| redhat/jboss-cache-core | <0:3.2.11-1.GA.ep5.el5 | 0:3.2.11-1.GA.ep5.el5 |
| redhat/jboss-cache-pojo | <0:3.0.1-1.1.ep5.el5 | 0:3.0.1-1.1.ep5.el5 |
| redhat/jboss-cl | <0:2.0.11-1.GA.ep5.el5 | 0:2.0.11-1.GA.ep5.el5 |
| redhat/jboss-cluster-ha-server-api | <0:1.2.1-2.ep5.el5 | 0:1.2.1-2.ep5.el5 |
| redhat/jboss-common-beans | <0:1.0.1-2.1.Final.ep5.el5 | 0:1.0.1-2.1.Final.ep5.el5 |
| redhat/jboss-common-core | <0:2.2.21-1.ep5.el5 | 0:2.2.21-1.ep5.el5 |
| redhat/jboss-eap5-native | <0:5.2.0-6.ep5.el5 | 0:5.2.0-6.ep5.el5 |
| redhat/jboss-ejb3-cache | <0:1.0.0-4.ep5.el5 | 0:1.0.0-4.ep5.el5 |
| redhat/jboss-ejb3-core | <0:1.3.9-0.4.ep5.el5 | 0:1.3.9-0.4.ep5.el5 |
| redhat/jboss-ejb3-ext-api | <0:1.0.0-4.1.ep5.el5 | 0:1.0.0-4.1.ep5.el5 |
| redhat/jboss-ejb3-ext-api-impl | <0:1.0.0-3.7.ep5.el5 | 0:1.0.0-3.7.ep5.el5 |
| redhat/jboss-ejb3-interceptors | <0:1.0.9-0.1.ep5.el5 | 0:1.0.9-0.1.ep5.el5 |
| redhat/jboss-ejb3-metadata | <0:1.0.0-3.ep5.el5 | 0:1.0.0-3.ep5.el5 |
| redhat/jboss-ejb3-metrics-deployer | <0:1.1.1-0.1.ep5.el5 | 0:1.1.1-0.1.ep5.el5 |
| redhat/jboss-ejb3-security | <0:1.0.2-0.5.ep5.el5 | 0:1.0.2-0.5.ep5.el5 |
| redhat/jboss-ejb3-timeout | <0:0.1.1-0.5.ep5.el5 | 0:0.1.1-0.5.ep5.el5 |
| redhat/jboss-ejb3-transactions | <0:1.0.2-1.4.ep5.el5 | 0:1.0.2-1.4.ep5.el5 |
| redhat/jboss-javaee | <0:5.0.2-2.ep5.el5 | 0:5.0.2-2.ep5.el5 |
| redhat/jboss-jpa-deployers | <0:1.0.0-6.1SP2.ep5.el5 | 0:1.0.0-6.1SP2.ep5.el5 |
| redhat/jboss-logmanager | <0:1.1.2-6.GA_patch_01.ep5.el5 | 0:1.1.2-6.GA_patch_01.ep5.el5 |
| redhat/jboss-naming | <0:5.0.3-5.1.CP02.ep5.el5 | 0:5.0.3-5.1.CP02.ep5.el5 |
| redhat/jboss-reflect | <0:2.0.4-2.1.ep5.el5 | 0:2.0.4-2.1.ep5.el5 |
| redhat/jboss-remoting | <0:2.5.4-10.SP4.1.ep5.el5 | 0:2.5.4-10.SP4.1.ep5.el5 |
| redhat/jboss-seam2 | <0:2.2.6.EAP5-10.ep5.el5 | 0:2.2.6.EAP5-10.ep5.el5 |
| redhat/jboss-security-negotiation | <0:2.1.3-1.GA.ep5.el5 | 0:2.1.3-1.GA.ep5.el5 |
| redhat/jboss-security-spi | <1:2.0.5-4.SP3_1.ep5.el5 | 1:2.0.5-4.SP3_1.ep5.el5 |
| redhat/jbosssx2 | <0:2.0.5-8.SP3_1.ep5.el5 | 0:2.0.5-8.SP3_1.ep5.el5 |
| redhat/jbossts | <1:4.6.1-12.CP13.8.ep5.el5 | 1:4.6.1-12.CP13.8.ep5.el5 |
| redhat/jboss-vfs2 | <0:2.2.1-4.GA.ep5.el5 | 0:2.2.1-4.GA.ep5.el5 |
| redhat/jbossweb | <0:2.1.13-2_patch_01.ep5.el5 | 0:2.1.13-2_patch_01.ep5.el5 |
| redhat/jbossws | <0:3.1.2-13.SP15_patch_01.ep5.el5 | 0:3.1.2-13.SP15_patch_01.ep5.el5 |
| redhat/jbossws-common | <0:1.1.0-9.SP10.ep5.el5 | 0:1.1.0-9.SP10.ep5.el5 |
| redhat/jbossws-framework | <0:3.1.2-9.SP13.ep5.el5 | 0:3.1.2-9.SP13.ep5.el5 |
| redhat/jbossws-spi | <0:1.1.2-6.SP8.ep5.el5 | 0:1.1.2-6.SP8.ep5.el5 |
| redhat/jgroups | <1:2.6.22-1.ep5.el5 | 1:2.6.22-1.ep5.el5 |
| redhat/jopr-embedded | <0:1.3.4-19.SP6.9.ep5.el5 | 0:1.3.4-19.SP6.9.ep5.el5 |
| redhat/jopr-hibernate-plugin | <0:3.0.0-14.EmbJopr5.ep5.el5 | 0:3.0.0-14.EmbJopr5.ep5.el5 |
| redhat/jopr-jboss-as | <5-plugin-0:3.0.0-14.EmbJopr5.ep5.el5 | 5-plugin-0:3.0.0-14.EmbJopr5.ep5.el5 |
| redhat/jopr-jboss-cache-v3-plugin | <0:3.0.0-15.EmbJopr5.ep5.el5 | 0:3.0.0-15.EmbJopr5.ep5.el5 |
| redhat/picketlink-federation | <0:2.1.5-3.ep5.el5 | 0:2.1.5-3.ep5.el5 |
| redhat/picketlink-quickstarts | <0:2.1.5-1.ep5.el5 | 0:2.1.5-1.ep5.el5 |
| redhat/resteasy | <0:1.2.1-18.CP02_patch02.1.ep5.el5 | 0:1.2.1-18.CP02_patch02.1.ep5.el5 |
| redhat/rh-ewp-docs | <0:5.2.0-6.ep5.el5 | 0:5.2.0-6.ep5.el5 |
| redhat/rhq | <0:3.0.0-21.EmbJopr5.ep5.el5 | 0:3.0.0-21.EmbJopr5.ep5.el5 |
| redhat/rhq-jmx-plugin | <0:3.0.0-21.EmbJopr5.ep5.el5 | 0:3.0.0-21.EmbJopr5.ep5.el5 |
| redhat/rhq-platform-plugin | <0:3.0.0-14.EmbJopr5.ep5.el5 | 0:3.0.0-14.EmbJopr5.ep5.el5 |
| redhat/spring2 | <0:2.5.6-9.SEC03.1.ep5.el5 | 0:2.5.6-9.SEC03.1.ep5.el5 |
| redhat/wss4j | <0:1.5.12-4.1_patch_02.ep5.el5 | 0:1.5.12-4.1_patch_02.ep5.el5 |
| redhat/xerces-j2 | <0:2.9.1-10.patch02.ep5.el5 | 0:2.9.1-10.patch02.ep5.el5 |
| redhat/xml-commons | <0:1.3.04-8.2_patch_01.ep5.el5 | 0:1.3.04-8.2_patch_01.ep5.el5 |
| redhat/xml-security | <0:1.5.1-2.ep5.el5 | 0:1.5.1-2.ep5.el5 |
| redhat/aopalliance | <0:1.0-5.3.ep5.el6 | 0:1.0-5.3.ep5.el6 |
| redhat/apache-cxf | <0:2.2.12-6.1.patch_04.ep5.el6 | 0:2.2.12-6.1.patch_04.ep5.el6 |
| redhat/bsh2 | <0:2.0-0.b4.15.patch01.ep5.el6 | 0:2.0-0.b4.15.patch01.ep5.el6 |
| redhat/glassfish-jaxb | <0:2.1.12-12_patch_03.ep5.el6 | 0:2.1.12-12_patch_03.ep5.el6 |
| redhat/google-guice | <0:2.0-3.ep5.el6 | 0:2.0-3.ep5.el6 |
| redhat/hibernate3 | <1:3.3.2-1.9.GA_CP05.ep5.el6 | 1:3.3.2-1.9.GA_CP05.ep5.el6 |
| redhat/hibernate3-annotations | <0:3.4.0-3.6.GA_CP05.ep5.el6 | 0:3.4.0-3.6.GA_CP05.ep5.el6 |
| redhat/hibernate3-entitymanager | <0:3.4.0-4.5.GA_CP05.ep5.el6 | 0:3.4.0-4.5.GA_CP05.ep5.el6 |
| redhat/hibernate3-search | <0:3.1.1-2.5.GA_CP05.ep5.el6 | 0:3.1.1-2.5.GA_CP05.ep5.el6 |
| redhat/hsqldb | <2:1.8.0.10-11_patch_01.1.ep5.el6 | 2:1.8.0.10-11_patch_01.1.ep5.el6 |
| redhat/jacorb-jboss | <0:2.3.2-2.jboss_1.ep5.el6 | 0:2.3.2-2.jboss_1.ep5.el6 |
| redhat/javassist | <0:3.12.0-6.SP1.ep5.el6 | 0:3.12.0-6.SP1.ep5.el6 |
| redhat/jboss-aop2 | <0:2.1.6-5.CP06.ep5.el6 | 0:2.1.6-5.CP06.ep5.el6 |
| redhat/jbossas-web | <0:5.2.0-16.ep5.el6 | 0:5.2.0-16.ep5.el6 |
| redhat/jbossas-web-tp-licenses | <0:5.2.0-8.ep5.el6 | 0:5.2.0-8.ep5.el6 |
| redhat/jbossas-ws-cxf-ewp | <0:5.2.0-11.ep5.el6 | 0:5.2.0-11.ep5.el6 |
| redhat/jboss-bootstrap | <0:1.0.2-1.ep5.el6 | 0:1.0.2-1.ep5.el6 |
| redhat/jboss-cache-core | <0:3.2.11-1.GA.ep5.el6 | 0:3.2.11-1.GA.ep5.el6 |
| redhat/jboss-cache-pojo | <0:3.0.1-1.ep5.el6 | 0:3.0.1-1.ep5.el6 |
| redhat/jboss-cl | <0:2.0.11-4.GA.ep5.el6 | 0:2.0.11-4.GA.ep5.el6 |
| redhat/jboss-cluster-ha-server-api | <0:1.2.1-2.ep5.el6 | 0:1.2.1-2.ep5.el6 |
| redhat/jboss-common-beans | <0:1.0.1-2.Final.ep5.el6 | 0:1.0.1-2.Final.ep5.el6 |
| redhat/jboss-common-core | <0:2.2.21-1.ep5.el6 | 0:2.2.21-1.ep5.el6 |
| redhat/jboss-eap5-native | <0:5.2.0-6.ep5.el6 | 0:5.2.0-6.ep5.el6 |
| redhat/jboss-ejb3-cache | <0:1.0.0-4.ep5.el6 | 0:1.0.0-4.ep5.el6 |
| redhat/jboss-ejb3-core | <0:1.3.9-0.4.ep5.el6 | 0:1.3.9-0.4.ep5.el6 |
| redhat/jboss-ejb3-ext-api | <0:1.0.0-4.1.ep5.el6 | 0:1.0.0-4.1.ep5.el6 |
| redhat/jboss-ejb3-ext-api-impl | <0:1.0.0-3.7.ep5.el6 | 0:1.0.0-3.7.ep5.el6 |
| redhat/jboss-ejb3-interceptors | <0:1.0.9-0.2.ep5.el6 | 0:1.0.9-0.2.ep5.el6 |
| redhat/jboss-ejb3-metadata | <0:1.0.0-3.ep5.el6 | 0:1.0.0-3.ep5.el6 |
| redhat/jboss-ejb3-metrics-deployer | <0:1.1.1-0.1.ep5.el6 | 0:1.1.1-0.1.ep5.el6 |
| redhat/jboss-ejb3-security | <0:1.0.2-0.5.ep5.el6 | 0:1.0.2-0.5.ep5.el6 |
| redhat/jboss-ejb3-timeout | <0:0.1.1-0.8.ep5.el6 | 0:0.1.1-0.8.ep5.el6 |
| redhat/jboss-ejb3-transactions | <0:1.0.2-1.6.ep5.el6 | 0:1.0.2-1.6.ep5.el6 |
| redhat/jboss-javaee | <0:5.0.2-2.ep5.el6 | 0:5.0.2-2.ep5.el6 |
| redhat/jboss-jpa-deployers | <0:1.0.0-6.SP2.ep5.el6 | 0:1.0.0-6.SP2.ep5.el6 |
| redhat/jboss-logmanager | <0:1.1.2-6.GA_patch_01.ep5.el6 | 0:1.1.2-6.GA_patch_01.ep5.el6 |
| redhat/jboss-naming | <0:5.0.3-5.CP02.ep5.el6 | 0:5.0.3-5.CP02.ep5.el6 |
| redhat/jboss-reflect | <0:2.0.4-2.ep5.el6 | 0:2.0.4-2.ep5.el6 |
| redhat/jboss-remoting | <0:2.5.4-10.SP4.1.ep5.el6 | 0:2.5.4-10.SP4.1.ep5.el6 |
| redhat/jboss-seam2 | <0:2.2.6.EAP5-14.ep5.el6 | 0:2.2.6.EAP5-14.ep5.el6 |
| redhat/jboss-security-negotiation | <0:2.1.3-1.GA.ep5.el6 | 0:2.1.3-1.GA.ep5.el6 |
| redhat/jboss-security-spi | <1:2.0.5-4.SP3_1.ep5.el6 | 1:2.0.5-4.SP3_1.ep5.el6 |
| redhat/jbosssx2 | <0:2.0.5-8.3.SP3_1.ep5.el6 | 0:2.0.5-8.3.SP3_1.ep5.el6 |
| redhat/jbossts | <1:4.6.1-12.CP13.7.ep5.el6 | 1:4.6.1-12.CP13.7.ep5.el6 |
| redhat/jboss-vfs2 | <0:2.2.1-4.GA.ep5.el6 | 0:2.2.1-4.GA.ep5.el6 |
| redhat/jbossweb | <0:2.1.13-2_patch_01.ep5.el6 | 0:2.1.13-2_patch_01.ep5.el6 |
| redhat/jbossws | <0:3.1.2-13.SP15_patch_01.ep5.el6 | 0:3.1.2-13.SP15_patch_01.ep5.el6 |
| redhat/jbossws-common | <0:1.1.0-9.SP10.ep5.el6 | 0:1.1.0-9.SP10.ep5.el6 |
| redhat/jbossws-framework | <0:3.1.2-9.SP13.ep5.el6 | 0:3.1.2-9.SP13.ep5.el6 |
| redhat/jbossws-spi | <0:1.1.2-6.SP8.ep5.el6 | 0:1.1.2-6.SP8.ep5.el6 |
| redhat/jgroups | <1:2.6.22-1.ep5.el6 | 1:2.6.22-1.ep5.el6 |
| redhat/jopr-embedded | <0:1.3.4-19.SP6.9.ep5.el6 | 0:1.3.4-19.SP6.9.ep5.el6 |
| redhat/jopr-hibernate-plugin | <0:3.0.0-14.EmbJopr5.ep5.el6 | 0:3.0.0-14.EmbJopr5.ep5.el6 |
| redhat/jopr-jboss-as | <5-plugin-0:3.0.0-16.EmbJopr5.ep5.el6 | 5-plugin-0:3.0.0-16.EmbJopr5.ep5.el6 |
| redhat/jopr-jboss-cache-v3-plugin | <0:3.0.0-15.EmbJopr5.ep5.el6 | 0:3.0.0-15.EmbJopr5.ep5.el6 |
| redhat/picketlink-federation | <0:2.1.5-3.ep5.el6 | 0:2.1.5-3.ep5.el6 |
| redhat/picketlink-quickstarts | <0:2.1.5-1.ep5.el6 | 0:2.1.5-1.ep5.el6 |
| redhat/resteasy | <0:1.2.1-17.CP02_patch02.1.ep5.el6 | 0:1.2.1-17.CP02_patch02.1.ep5.el6 |
| redhat/rh-ewp-docs | <0:5.2.0-11.ep5.el6 | 0:5.2.0-11.ep5.el6 |
| redhat/rhq | <0:3.0.0-21.EmbJopr5.ep5.el6 | 0:3.0.0-21.EmbJopr5.ep5.el6 |
| redhat/rhq-jmx-plugin | <0:3.0.0-21.EmbJopr5.ep5.el6 | 0:3.0.0-21.EmbJopr5.ep5.el6 |
| redhat/rhq-platform-plugin | <0:3.0.0-14.EmbJopr5.ep5.el6 | 0:3.0.0-14.EmbJopr5.ep5.el6 |
| redhat/spring2 | <0:2.5.6-9.SEC03.1.ep5.el6 | 0:2.5.6-9.SEC03.1.ep5.el6 |
| redhat/wss4j | <0:1.5.12-4_patch_02.ep5.el6 | 0:1.5.12-4_patch_02.ep5.el6 |
| redhat/xerces-j2 | <0:2.9.1-10.patch02.ep5.el6 | 0:2.9.1-10.patch02.ep5.el6 |
| redhat/xml-commons | <0:1.3.04-8.2_patch_01.ep5.el6 | 0:1.3.04-8.2_patch_01.ep5.el6 |
| redhat/xml-security | <0:1.5.1-2.ep5.el6 | 0:1.5.1-2.ep5.el6 |
| redhat/aopalliance | <0:1.0-5.2.jdk6.ep5.el4 | 0:1.0-5.2.jdk6.ep5.el4 |
| redhat/apache-cxf | <0:2.2.12-6.1.patch_04.ep5.el4 | 0:2.2.12-6.1.patch_04.ep5.el4 |
| redhat/bsh2 | <0:2.0-0.b4.15.1.patch01.ep5.el4 | 0:2.0-0.b4.15.1.patch01.ep5.el4 |
| redhat/glassfish-jaxb | <0:2.1.12-12_patch_03.ep5.el4 | 0:2.1.12-12_patch_03.ep5.el4 |
| redhat/google-guice | <0:2.0-3.ep5.el4 | 0:2.0-3.ep5.el4 |
| redhat/hibernate3 | <1:3.3.2-1.6.GA_CP05.ep5.el4 | 1:3.3.2-1.6.GA_CP05.ep5.el4 |
| redhat/hibernate3-annotations | <0:3.4.0-3.4.GA_CP05.ep5.el4 | 0:3.4.0-3.4.GA_CP05.ep5.el4 |
| redhat/hibernate3-entitymanager | <0:3.4.0-4.4.GA_CP05.ep5.el4 | 0:3.4.0-4.4.GA_CP05.ep5.el4 |
| redhat/hibernate3-search | <0:3.1.1-2.3.GA_CP05.ep5.el4 | 0:3.1.1-2.3.GA_CP05.ep5.el4 |
| redhat/hornetq | <0:2.2.24-1.EAP.GA.ep5.el4 | 0:2.2.24-1.EAP.GA.ep5.el4 |
| redhat/hornetq-native | <0:2.2.20-1.EAP.GA.1.ep5.el4 | 0:2.2.20-1.EAP.GA.1.ep5.el4 |
| redhat/jacorb-jboss | <0:2.3.2-2.jboss_1.ep5.el4 | 0:2.3.2-2.jboss_1.ep5.el4 |
| redhat/javassist | <0:3.12.0-6.SP1.ep5.el4 | 0:3.12.0-6.SP1.ep5.el4 |
| redhat/jboss-aop2 | <0:2.1.6-5.CP06.ep5.el4 | 0:2.1.6-5.CP06.ep5.el4 |
| redhat/jbossas | <0:5.2.0-14.ep5.el4 | 0:5.2.0-14.ep5.el4 |
| redhat/jbossas-hornetq | <0:5.2.0-6.ep5.el4 | 0:5.2.0-6.ep5.el4 |
| redhat/jbossas-tp-licenses | <0:5.2.0-7.ep5.el4 | 0:5.2.0-7.ep5.el4 |
| redhat/jbossas-ws-cxf | <0:5.2.0-8.ep5.el4 | 0:5.2.0-8.ep5.el4 |
| redhat/jboss-bootstrap | <0:1.0.2-1.ep5.el4 | 0:1.0.2-1.ep5.el4 |
| redhat/jboss-cache-core | <0:3.2.11-1.GA.ep5.el4 | 0:3.2.11-1.GA.ep5.el4 |
| redhat/jboss-cache-pojo | <0:3.0.1-1.1.ep5.el4 | 0:3.0.1-1.1.ep5.el4 |
| redhat/jboss-cl | <0:2.0.11-1.GA.ep5.el4 | 0:2.0.11-1.GA.ep5.el4 |
| redhat/jboss-cluster-ha-server-api | <0:1.2.1-2.ep5.el4 | 0:1.2.1-2.ep5.el4 |
| redhat/jboss-common-beans | <0:1.0.1-2.1.Final.ep5.el4 | 0:1.0.1-2.1.Final.ep5.el4 |
| redhat/jboss-common-core | <0:2.2.21-1.ep5.el4 | 0:2.2.21-1.ep5.el4 |
| redhat/jboss-eap5-native | <0:5.2.0-6.ep5.el4 | 0:5.2.0-6.ep5.el4 |
| redhat/jboss-ejb3-cache | <0:1.0.0-4.ep5.el4 | 0:1.0.0-4.ep5.el4 |
| redhat/jboss-ejb3-core | <0:1.3.9-0.4.ep5.el4 | 0:1.3.9-0.4.ep5.el4 |
| redhat/jboss-ejb3-ext-api | <0:1.0.0-4.1.ep5.el4 | 0:1.0.0-4.1.ep5.el4 |
| redhat/jboss-ejb3-ext-api-impl | <0:1.0.0-3.7.ep5.el4 | 0:1.0.0-3.7.ep5.el4 |
| redhat/jboss-ejb3-interceptors | <0:1.0.9-0.1.ep5.el4 | 0:1.0.9-0.1.ep5.el4 |
| redhat/jboss-ejb3-metadata | <0:1.0.0-3.ep5.el4 | 0:1.0.0-3.ep5.el4 |
| redhat/jboss-ejb3-metrics-deployer | <0:1.1.1-0.1.ep5.el4 | 0:1.1.1-0.1.ep5.el4 |
| redhat/jboss-ejb3-security | <0:1.0.2-0.5.ep5.el4 | 0:1.0.2-0.5.ep5.el4 |
| redhat/jboss-ejb3-timeout | <0:0.1.1-0.5.ep5.el4 | 0:0.1.1-0.5.ep5.el4 |
| redhat/jboss-ejb3-transactions | <0:1.0.2-1.4.ep5.el4 | 0:1.0.2-1.4.ep5.el4 |
| redhat/jboss-javaee | <0:5.0.2-2.ep5.el4 | 0:5.0.2-2.ep5.el4 |
| redhat/jboss-jpa-deployers | <0:1.0.0-6.SP2.ep5.el4 | 0:1.0.0-6.SP2.ep5.el4 |
| redhat/jboss-logmanager | <0:1.1.2-6.GA_patch_01.ep5.el4 | 0:1.1.2-6.GA_patch_01.ep5.el4 |
| redhat/jboss-messaging | <0:1.4.8-12.SP9.1.ep5.el4 | 0:1.4.8-12.SP9.1.ep5.el4 |
| redhat/jboss-naming | <0:5.0.3-5.CP02.ep5.el4 | 0:5.0.3-5.CP02.ep5.el4 |
| redhat/jboss-reflect | <0:2.0.4-2.1.ep5.el4 | 0:2.0.4-2.1.ep5.el4 |
| redhat/jboss-remoting | <0:2.5.4-10.SP4.1.ep5.el4 | 0:2.5.4-10.SP4.1.ep5.el4 |
| redhat/jboss-seam2 | <0:2.2.6.EAP5-9.ep5.el4 | 0:2.2.6.EAP5-9.ep5.el4 |
| redhat/jboss-security-negotiation | <0:2.1.3-1.GA.ep5.el4 | 0:2.1.3-1.GA.ep5.el4 |
| redhat/jboss-security-spi | <1:2.0.5-4.SP3_1.ep5.el4 | 1:2.0.5-4.SP3_1.ep5.el4 |
| redhat/jbosssx2 | <0:2.0.5-8.3.SP3_1.ep5.el4 | 0:2.0.5-8.3.SP3_1.ep5.el4 |
| redhat/jbossts | <1:4.6.1-12.CP13.8.ep5.el4 | 1:4.6.1-12.CP13.8.ep5.el4 |
| redhat/jboss-vfs2 | <0:2.2.1-2.GA.ep5.el4 | 0:2.2.1-2.GA.ep5.el4 |
| redhat/jbossweb | <0:2.1.13-2_patch_01.ep5.el4 | 0:2.1.13-2_patch_01.ep5.el4 |
| redhat/jbossws | <0:3.1.2-13.SP15_patch_01.ep5.el4 | 0:3.1.2-13.SP15_patch_01.ep5.el4 |
| redhat/jbossws-common | <0:1.1.0-9.SP10.ep5.el4 | 0:1.1.0-9.SP10.ep5.el4 |
| redhat/jbossws-framework | <0:3.1.2-9.SP13.ep5.el4 | 0:3.1.2-9.SP13.ep5.el4 |
| redhat/jbossws-spi | <0:1.1.2-6.SP8.ep5.el4 | 0:1.1.2-6.SP8.ep5.el4 |
| redhat/jgroups | <1:2.6.22-1.ep5.el4 | 1:2.6.22-1.ep5.el4 |
| redhat/jopr-embedded | <0:1.3.4-19.SP6.9.ep5.el4 | 0:1.3.4-19.SP6.9.ep5.el4 |
| redhat/jopr-hibernate-plugin | <0:3.0.0-14.EmbJopr5.ep5.el4 | 0:3.0.0-14.EmbJopr5.ep5.el4 |
| redhat/jopr-jboss-as | <5-plugin-0:3.0.0-15.EmbJopr5.ep5.el4 | 5-plugin-0:3.0.0-15.EmbJopr5.ep5.el4 |
| redhat/jopr-jboss-cache-v3-plugin | <0:3.0.0-15.EmbJopr5.ep5.el4 | 0:3.0.0-15.EmbJopr5.ep5.el4 |
| redhat/netty | <0:3.2.5-6.ep5.el4 | 0:3.2.5-6.ep5.el4 |
| redhat/picketlink-federation | <0:2.1.5-3.ep5.el4 | 0:2.1.5-3.ep5.el4 |
| redhat/picketlink-quickstarts | <0:2.1.5-1.ep5.el4 | 0:2.1.5-1.ep5.el4 |
| redhat/resteasy | <0:1.2.1-18.CP02_patch02.1.ep5.el4 | 0:1.2.1-18.CP02_patch02.1.ep5.el4 |
| redhat/rh-eap-docs | <0:5.2.0-7.ep5.el4 | 0:5.2.0-7.ep5.el4 |
| redhat/rhq | <0:3.0.0-22.EmbJopr5.ep5.el4 | 0:3.0.0-22.EmbJopr5.ep5.el4 |
| redhat/rhq-jmx-plugin | <0:3.0.0-21.EmbJopr5.ep5.el4 | 0:3.0.0-21.EmbJopr5.ep5.el4 |
| redhat/rhq-platform-plugin | <0:3.0.0-15.EmbJopr5.ep5.el4 | 0:3.0.0-15.EmbJopr5.ep5.el4 |
| redhat/spring2 | <0:2.5.6-9.SEC03.1.ep5.el4 | 0:2.5.6-9.SEC03.1.ep5.el4 |
| redhat/wss4j | <0:1.5.12-4.2_patch_02.ep5.el4 | 0:1.5.12-4.2_patch_02.ep5.el4 |
| redhat/xerces-j2 | <0:2.9.1-10.patch02.ep5.el4 | 0:2.9.1-10.patch02.ep5.el4 |
| redhat/xml-commons | <1:1.3.04-8.2_patch_01.ep5.el4 | 1:1.3.04-8.2_patch_01.ep5.el4 |
| redhat/xml-security | <0:1.5.1-2.ep5.el4 | 0:1.5.1-2.ep5.el4 |
| redhat/hornetq | <0:2.2.24-1.EAP.GA.ep5.el5 | 0:2.2.24-1.EAP.GA.ep5.el5 |
| redhat/hornetq-native | <0:2.2.20-1.EAP.GA.1.ep5.el5 | 0:2.2.20-1.EAP.GA.1.ep5.el5 |
| redhat/jbossas | <0:5.2.0-14.ep5.el5 | 0:5.2.0-14.ep5.el5 |
| redhat/jbossas-hornetq | <0:5.2.0-5.ep5.el5 | 0:5.2.0-5.ep5.el5 |
| redhat/jbossas-tp-licenses | <0:5.2.0-7.ep5.el5 | 0:5.2.0-7.ep5.el5 |
| redhat/jbossas-ws-cxf | <0:5.2.0-7.ep5.el5 | 0:5.2.0-7.ep5.el5 |
| redhat/jboss-messaging | <0:1.4.8-12.SP9.1.ep5.el5 | 0:1.4.8-12.SP9.1.ep5.el5 |
| redhat/netty | <0:3.2.5-6.ep5.el5 | 0:3.2.5-6.ep5.el5 |
| redhat/rh-eap-docs | <0:5.2.0-6.ep5.el5 | 0:5.2.0-6.ep5.el5 |
| redhat/hornetq | <0:2.2.24-1.EAP.GA.ep5.el6 | 0:2.2.24-1.EAP.GA.ep5.el6 |
| redhat/hornetq-native | <0:2.2.20-1.EAP.GA.ep5.el6 | 0:2.2.20-1.EAP.GA.ep5.el6 |
| redhat/jbossas | <0:5.2.0-16.ep5.el6 | 0:5.2.0-16.ep5.el6 |
| redhat/jbossas-hornetq | <0:5.2.0-7.ep5.el6 | 0:5.2.0-7.ep5.el6 |
| redhat/jbossas-tp-licenses | <0:5.2.0-8.ep5.el6 | 0:5.2.0-8.ep5.el6 |
| redhat/jbossas-ws-cxf | <0:5.2.0-10.ep5.el6 | 0:5.2.0-10.ep5.el6 |
| redhat/jboss-messaging | <0:1.4.8-12.SP9.1.ep5.el6 | 0:1.4.8-12.SP9.1.ep5.el6 |
| redhat/netty | <0:3.2.5-6.ep5.el6 | 0:3.2.5-6.ep5.el6 |
| redhat/rh-eap-docs | <0:5.2.0-10.ep5.el6 | 0:5.2.0-10.ep5.el6 |
| Redhat Jboss Enterprise Application Platform | =5.2.0 | |
| Redhat Jboss Enterprise Web Platform | =5.2.0 | |
| Redhat Jboss Enterprise Brms Platform | <=5.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2012-0874 https://nvd.nist.gov/vuln/detail/CVE-2012-0874
- https://bugzilla.redhat.com/show_bug.cgi?id=795645
- https://access.redhat.com/errata/RHSA-2013:0196
- https://access.redhat.com/errata/RHSA-2013:0195
- https://access.redhat.com/errata/RHSA-2013:0221
- https://access.redhat.com/errata/RHSA-2013:0194
- https://access.redhat.com/errata/RHSA-2013:0193
- https://access.redhat.com/errata/RHSA-2013:0192
- https://access.redhat.com/errata/RHSA-2013:0191
- https://access.redhat.com/errata/RHSA-2013:0533
- https://access.redhat.com/errata/RHSA-2013:0198
- https://access.redhat.com/security/cve/CVE-2012-0874
- https://rhn.redhat.com/errata/RHSA-2013-0194.html
- https://rhn.redhat.com/errata/RHSA-2013-0192.html
- https://rhn.redhat.com/errata/RHSA-2013-0191.html
- https://rhn.redhat.com/errata/RHSA-2013-0195.html
- https://rhn.redhat.com/errata/RHSA-2013-0193.html
- https://rhn.redhat.com/errata/RHSA-2013-0197.html
- https://rhn.redhat.com/errata/RHSA-2013-0196.html
- https://rhn.redhat.com/errata/RHSA-2013-0198.html
- https://rhn.redhat.com/errata/RHSA-2013-0221.html
- https://rhn.redhat.com/errata/RHSA-2013-0533.html
- http://archives.neohapsis.com/archives/bugtraq/2013-12/0134.html
- http://rhn.redhat.com/errata/RHSA-2013-0191.html
- http://rhn.redhat.com/errata/RHSA-2013-0192.html
- http://rhn.redhat.com/errata/RHSA-2013-0193.html
- http://rhn.redhat.com/errata/RHSA-2013-0194.html
- http://rhn.redhat.com/errata/RHSA-2013-0195.html
- http://rhn.redhat.com/errata/RHSA-2013-0196.html
- http://rhn.redhat.com/errata/RHSA-2013-0197.html
- http://rhn.redhat.com/errata/RHSA-2013-0198.html
- http://rhn.redhat.com/errata/RHSA-2013-0221.html
- http://rhn.redhat.com/errata/RHSA-2013-0533.html
- http://secunia.com/advisories/51984
- http://secunia.com/advisories/52054
- http://securitytracker.com/id?1028042
- http://www.exploit-db.com/exploits/30211
- http://www.securityfocus.com/bid/57552
- https://exchange.xforce.ibmcloud.com/vulnerabilities/81511
Parent vulnerabilities
(Appears in the following advisories)
- collector/redhat-cve
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/references
- agent/last-modified-date
- agent/author
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2012-0874
- agent/tags
- agent/trending
- package-manager/redhat
- vendor/redhat
- canonical/redhat jboss enterprise application platform
- version/redhat jboss enterprise application platform/5.2.0
- canonical/redhat jboss enterprise web platform
- version/redhat jboss enterprise web platform/5.2.0
- canonical/redhat jboss enterprise brms platform
- version/redhat jboss enterprise brms platform/5.3.0