CVE-2014-0005

PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the application sever configuration and state by deploying a crafted application.

CVSS v2.0 3.6 LOW

3.6^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 3.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2014-0345.html	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2014-0343.html	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2014-0344.html	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-0235.html	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-0234.html	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-0720.html

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redhat:jboss_enterprise_brms_platform::::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.2:::::::*

Information

Published : 2015-02-20 08:59

Updated : 2015-03-27 18:59

NVD link : CVE-2014-0005

Mitre link : CVE-2014-0005

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Advertisement

Products Affected

redhat

jboss_enterprise_brms_platform
jboss_enterprise_application_platform

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://rhn.redhat.com/errata/RHSA-2014-0345.html", "name": "RHSA-2014:0345", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-0343.html", "name": "RHSA-2014:0343", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-0344.html", "name": "RHSA-2014:0344", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0235.html", "name": "RHSA-2015:0235", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0234.html", "name": "RHSA-2015:0234", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html", "name": "RHSA-2015:0720", "tags": [], "refsource": "REDHAT"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 and JBoss BRMS before 6.0.3 roll up patch 2, allows remote authenticated users to read and modify the application sever configuration and state by deploying a crafted application."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2014-0005", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "impactScore": 4.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2015-02-20T16:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_brms_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "6.0.3"}, {"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2015-03-28T01:59Z"}