CVE-2012-3370
First published: Tue Feb 05 2013(Updated: )
The SecurityAssociation.getCredential method in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 returns the credentials of the previous user when a security context is not provided, which allows remote attackers to gain privileges as other users.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| JBoss Enterprise Application Platform | =5.2.0 | |
| Red Hat JBoss Enterprise Web Platform | =5.2.0 | |
| Red Hat JBoss Enterprise BRMS Platform | <=5.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://rhn.redhat.com/errata/RHSA-2013-0191.html
- http://rhn.redhat.com/errata/RHSA-2013-0192.html
- http://rhn.redhat.com/errata/RHSA-2013-0193.html
- http://rhn.redhat.com/errata/RHSA-2013-0194.html
- http://rhn.redhat.com/errata/RHSA-2013-0195.html
- http://rhn.redhat.com/errata/RHSA-2013-0196.html
- http://rhn.redhat.com/errata/RHSA-2013-0197.html
- http://rhn.redhat.com/errata/RHSA-2013-0198.html
- http://rhn.redhat.com/errata/RHSA-2013-0221.html
- http://rhn.redhat.com/errata/RHSA-2013-0533.html
- http://secunia.com/advisories/51984
- http://secunia.com/advisories/52054
- http://securitytracker.com/id?1028042
- http://www.osvdb.org/89581
- http://www.securityfocus.com/bid/57550
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=836456
- https://exchange.xforce.ibmcloud.com/vulnerabilities/81513
Frequently Asked Questions
What is the severity of CVE-2012-3370?
CVE-2012-3370 is classified as a high-severity vulnerability due to its potential for unauthorized access to user credentials.
How do I fix CVE-2012-3370?
To mitigate CVE-2012-3370, you should upgrade to JBoss Enterprise Application Platform version 5.2.0 or later.
What impact does CVE-2012-3370 have on affected software?
CVE-2012-3370 allows attackers to retrieve previous user credentials when no security context is specified, leading to potential credential leakage.
Which versions are affected by CVE-2012-3370?
CVE-2012-3370 affects JBoss EAP versions before 5.2.0, Web Platform versions before 5.2.0, and BRMS/SOA Platforms before 5.3.1.
Who is at risk from CVE-2012-3370?
Organizations using vulnerable versions of JBoss platforms are at risk of credential exposure due to CVE-2012-3370.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/author
- agent/references
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/redhat
- canonical/jboss enterprise application platform
- version/jboss enterprise application platform/5.2.0
- canonical/red hat jboss enterprise web platform
- version/red hat jboss enterprise web platform/5.2.0
- canonical/red hat jboss enterprise brms platform
- version/red hat jboss enterprise brms platform/5.3.0