CVE-2012-4549
First published: Sat Jan 05 2013(Updated: )
The processInvocation function in org.jboss.as.ejb3.security.AuthorizationInterceptor in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, authorizes all requests when no roles are allowed for an Enterprise Java Beans (EJB) method invocation, which allows attackers to bypass intended access restrictions for EJB methods.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat JBoss Enterprise Application Platform | <=6.0.0 | |
| Red Hat JBoss Enterprise Application Platform | =4.2.0 | |
| Red Hat JBoss Enterprise Application Platform | =4.3.0 | |
| Red Hat JBoss Enterprise Application Platform | =5.0.0 | |
| Red Hat JBoss Enterprise Application Platform | =5.0.1 | |
| Red Hat JBoss Enterprise Application Platform | =5.1.0 | |
| Red Hat JBoss Enterprise Application Platform | =5.1.1 | |
| Red Hat JBoss Enterprise Application Platform | =5.1.2 | |
| Red Hat JBoss Enterprise Application Platform | =5.2.0 | |
| Red Hat JBoss Enterprise Application Platform | =5.2.1 | |
| Red Hat JBoss Enterprise Application Platform | =5.2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-4549?
CVE-2012-4549 is considered a critical vulnerability due to the potential for unauthorized access to EJB methods.
How do I fix CVE-2012-4549?
To fix CVE-2012-4549, upgrade your JBoss Enterprise Application Platform to a version that is 6.0.1 or above.
What systems are affected by CVE-2012-4549?
CVE-2012-4549 affects various versions of Red Hat JBoss Enterprise Application Platform, including versions up to 6.0.0 and specific older versions.
What type of vulnerability is CVE-2012-4549?
CVE-2012-4549 is an authorization bypass vulnerability that affects the processInvocation function in the AuthorizationInterceptor.
How can attackers exploit CVE-2012-4549?
Attackers can exploit CVE-2012-4549 by making unauthorized requests to EJB method invocations when no roles are required.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/redhat
- canonical/red hat jboss enterprise application platform
- version/red hat jboss enterprise application platform/6.0.0
- version/red hat jboss enterprise application platform/4.2.0
- version/red hat jboss enterprise application platform/4.3.0
- version/red hat jboss enterprise application platform/5.0.0
- version/red hat jboss enterprise application platform/5.0.1
- version/red hat jboss enterprise application platform/5.1.0
- version/red hat jboss enterprise application platform/5.1.1
- version/red hat jboss enterprise application platform/5.1.2
- version/red hat jboss enterprise application platform/5.2.0
- version/red hat jboss enterprise application platform/5.2.1
- version/red hat jboss enterprise application platform/5.2.2