Auth bypass in Redhat Jboss_enterprise_application_platform

CVE-2012-0874

The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require…

Vulnerability class: Broken Authentication

EPSS: 0.513 (97.9th percentile) — read the EPSS interpretation.

Affected products

Redhat Jboss_enterprise_application_platform — versions 5.2.0
Redhat Jboss_enterprise_brms_platform
Redhat Jboss_enterprise_web_platform — versions 5.2.0
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

RHSA-2013:0192 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
RHSA-2013:0198 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
RHSA-2013:0195 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
RHSA-2013:0221 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
RHSA-2013:0196 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
57552 (vdb-entry, x_refsource_BID)
RHSA-2013:0193 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
51984 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
1028042 (vdb-entry, x_refsource_SECTRACK)
52054 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)