What is the severity of REDHAT-BUG-1160574?

The severity of REDHAT-BUG-1160574 is classified as moderate.

How do I fix REDHAT-BUG-1160574?

To fix REDHAT-BUG-1160574, you should update your JBoss Application Server to the latest available version provided by Red Hat.

What systems are affected by REDHAT-BUG-1160574?

REDHAT-BUG-1160574 affects the JBoss Application Server when handling undefined security domains.

Can REDHAT-BUG-1160574 lead to unauthorized access?

Yes, REDHAT-BUG-1160574 can potentially allow users with valid credentials in the default domain access to resources they should not have access to.

Is there a workaround for REDHAT-BUG-1160574?

Currently, there is no official workaround for REDHAT-BUG-1160574 aside from applying the necessary updates.

Vulnerability/
REDHAT-BUG-1160574

low

5/11/2014

12/5/2023

REDHAT-BUG-1160574

First published: Wed Nov 05 2014(Updated: )

It was discovered that when dealing with undefined security domains, the org.jboss.security.plugins.mapping.JBossMappingManager implementation would fall back to the default security domain if available. A user with valid credentials in the defined default domain, with a role that is valid in the expected application domain, can perform actions that was otherwise not available to them. When using the SAML2 STS Login Module, JBossMappingManager exposes this issue since PicketLink Trust SecurityActions implementation use a hardcoded default value when defining the context.

Affected Software	Affected Version	How to fix
JBoss Application Server

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of REDHAT-BUG-1160574?
The severity of REDHAT-BUG-1160574 is classified as moderate.
How do I fix REDHAT-BUG-1160574?
To fix REDHAT-BUG-1160574, you should update your JBoss Application Server to the latest available version provided by Red Hat.
What systems are affected by REDHAT-BUG-1160574?
REDHAT-BUG-1160574 affects the JBoss Application Server when handling undefined security domains.
Can REDHAT-BUG-1160574 lead to unauthorized access?
Yes, REDHAT-BUG-1160574 can potentially allow users with valid credentials in the default domain access to resources they should not have access to.
Is there a workaround for REDHAT-BUG-1160574?
Currently, there is no official workaround for REDHAT-BUG-1160574 aside from applying the necessary updates.

collector/redhat-bugzilla
alias/CVE-2014-7827
agent/type
agent/last-modified-date
agent/first-publish-date
agent/severity
agent/references
agent/description
agent/event
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/jboss
canonical/jboss application server

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.