Information disclosure in Redhat Jboss_enterprise_application_platform

CVE-2014-7853

The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allo…

Vulnerability class: Information Disclosure

EPSS: 0.004 (62.8th percentile) — read the EPSS interpretation.

Affected products

Redhat Jboss_enterprise_application_platform
Redhat Jboss_operations_network — versions 3.3.1
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

redhat-jboss-cve20147853-info-disc(100891) (vdb-entry, x_refsource_XF)
RHSA-2015:0920 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
RHSA-2015:0215 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
RHSA-2015:0217 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
RHSA-2015:0218 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
RHSA-2015:0216 (x_refsource_REDHAT, vendor-advisory, Vendor Advisory)
1031741 (vdb-entry, x_refsource_SECTRACK)