CVE-2012-4572
First published: Thu Nov 01 2012(Updated: )
If multiple applications use the same custom authorization module class name, and provide their own implementations of it, the first application to be loaded will have its implementation used for all applications using the same custom authorization module class name. A local attacker could use this flaw to deploy a malicious application that provides implementations of custom authorization modules that permit or deny user access according to rules supplied by the attacker.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Jboss Enterprise Application Platform | <=6.0.1 | |
| Redhat Jboss Enterprise Application Platform | =4.2.0 | |
| Redhat Jboss Enterprise Application Platform | =4.3.0 | |
| Redhat Jboss Enterprise Application Platform | =5.0.0 | |
| Redhat Jboss Enterprise Application Platform | =5.0.1 | |
| Redhat Jboss Enterprise Application Platform | =5.1.0 | |
| Redhat Jboss Enterprise Application Platform | =5.1.1 | |
| Redhat Jboss Enterprise Application Platform | =5.1.2 | |
| Redhat Jboss Enterprise Application Platform | =5.2.0 | |
| Redhat Jboss Enterprise Application Platform | =5.2.1 | |
| Redhat Jboss Enterprise Application Platform | =5.2.2 | |
| Redhat Jboss Enterprise Application Platform | =6.0.0 | |
| Redhat Jboss Enterprise Portal Platform | <=6.0.0 | |
| Redhat Jboss Enterprise Portal Platform | =4.3.0 | |
| Redhat Jboss Enterprise Portal Platform | =5.0.0 | |
| Redhat Jboss Enterprise Portal Platform | =5.0.1 | |
| Redhat Jboss Enterprise Portal Platform | =5.1.0 | |
| Redhat Jboss Enterprise Portal Platform | =5.1.1 | |
| Redhat Jboss Enterprise Portal Platform | =5.2.0 | |
| Redhat Jboss Enterprise Portal Platform | =5.2.1 | |
| Redhat Jboss Enterprise Portal Platform | =5.2.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://rhn.redhat.com/errata/RHSA-2013-0833.html
- https://rhn.redhat.com/errata/RHSA-2013-0834.html
- https://rhn.redhat.com/errata/RHSA-2013-0839.html
- https://rhn.redhat.com/errata/RHSA-2013-1437.html
- https://bugzilla.redhat.com/show_bug.cgi?id=872059
- http://rhn.redhat.com/errata/RHSA-2013-0833.html
- http://rhn.redhat.com/errata/RHSA-2013-0834.html
- http://rhn.redhat.com/errata/RHSA-2013-1437.html
- collector/redhat-bugzilla
- alias/CVE-2012-4572
- collector/nvd-index
- agent/author
- agent/type
- agent/weakness
- agent/softwarecombine
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/severity
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/redhat
- canonical/redhat jboss enterprise application platform
- version/redhat jboss enterprise application platform/6.0.1
- version/redhat jboss enterprise application platform/4.2.0
- version/redhat jboss enterprise application platform/4.3.0
- version/redhat jboss enterprise application platform/5.0.0
- version/redhat jboss enterprise application platform/5.0.1
- version/redhat jboss enterprise application platform/5.1.0
- version/redhat jboss enterprise application platform/5.1.1
- version/redhat jboss enterprise application platform/5.1.2
- version/redhat jboss enterprise application platform/5.2.0
- version/redhat jboss enterprise application platform/5.2.1
- version/redhat jboss enterprise application platform/5.2.2
- version/redhat jboss enterprise application platform/6.0.0
- canonical/redhat jboss enterprise portal platform
- version/redhat jboss enterprise portal platform/6.0.0
- version/redhat jboss enterprise portal platform/4.3.0
- version/redhat jboss enterprise portal platform/5.0.0
- version/redhat jboss enterprise portal platform/5.0.1
- version/redhat jboss enterprise portal platform/5.1.0
- version/redhat jboss enterprise portal platform/5.1.1
- version/redhat jboss enterprise portal platform/5.2.0
- version/redhat jboss enterprise portal platform/5.2.1
- version/redhat jboss enterprise portal platform/5.2.2