CVE-2012-3369
First published: Fri Jun 29 2012(Updated: )
The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password, which causes the previous user's password to be used.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat JBoss Enterprise Web Platform | =5.2.0 | |
| JBoss Enterprise Application Platform | =5.2.0 | |
| Red Hat JBoss Enterprise BRMS Platform | <=5.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://issues.jboss.org/browse/JBPAPP-9388
- https://rhn.redhat.com/errata/RHSA-2013-0194.html
- https://rhn.redhat.com/errata/RHSA-2013-0192.html
- https://rhn.redhat.com/errata/RHSA-2013-0191.html
- https://rhn.redhat.com/errata/RHSA-2013-0195.html
- https://rhn.redhat.com/errata/RHSA-2013-0193.html
- https://rhn.redhat.com/errata/RHSA-2013-0197.html
- https://rhn.redhat.com/errata/RHSA-2013-0196.html
- https://rhn.redhat.com/errata/RHSA-2013-0198.html
- https://rhn.redhat.com/errata/RHSA-2013-0221.html
- https://rhn.redhat.com/errata/RHSA-2013-0533.html
- https://bugzilla.redhat.com/show_bug.cgi?id=836451
- http://rhn.redhat.com/errata/RHSA-2013-0191.html
- http://rhn.redhat.com/errata/RHSA-2013-0192.html
- http://rhn.redhat.com/errata/RHSA-2013-0193.html
- http://rhn.redhat.com/errata/RHSA-2013-0194.html
- http://rhn.redhat.com/errata/RHSA-2013-0195.html
- http://rhn.redhat.com/errata/RHSA-2013-0196.html
- http://rhn.redhat.com/errata/RHSA-2013-0197.html
- http://rhn.redhat.com/errata/RHSA-2013-0198.html
- http://rhn.redhat.com/errata/RHSA-2013-0221.html
- http://rhn.redhat.com/errata/RHSA-2013-0533.html
- http://secunia.com/advisories/51984
- http://secunia.com/advisories/52054
- http://securitytracker.com/id?1028042
- http://www.securityfocus.com/bid/57547
- https://exchange.xforce.ibmcloud.com/vulnerabilities/81512
Frequently Asked Questions
What is the severity of CVE-2012-3369?
CVE-2012-3369 is considered a high severity vulnerability as it allows remote attackers to gain unauthorized privileges.
How do I fix CVE-2012-3369?
To fix CVE-2012-3369, you should upgrade to JBoss Enterprise Application Platform version 5.2.0 or later, or the appropriate version of the affected platforms.
Which software versions are affected by CVE-2012-3369?
CVE-2012-3369 affects JBoss Enterprise Application Platform and JBoss Enterprise Web Platform versions before 5.2.0 and JBoss Enterprise BRMS Platform versions up to and including 5.3.0.
What impact does CVE-2012-3369 have on my system?
The impact of CVE-2012-3369 is that unauthorized users could potentially gain access to the previous user's privileges through a null password.
Is CVE-2012-3369 being actively exploited?
There have been indications that CVE-2012-3369 could be targeted for exploitation due to its remote access capabilities.
- collector/redhat-bugzilla
- alias/CVE-2012-3369
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- agent/author
- agent/references
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/redhat
- canonical/red hat jboss enterprise web platform
- version/red hat jboss enterprise web platform/5.2.0
- canonical/jboss enterprise application platform
- version/jboss enterprise application platform/5.2.0
- canonical/red hat jboss enterprise brms platform
- version/red hat jboss enterprise brms platform/5.3.0