CVE-2012-4549

Publication date 5 January 2013

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

Description

The processInvocation function in org.jboss.as.ejb3.security.AuthorizationInterceptor in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, authorizes all requests when no roles are allowed for an Enterprise Java Beans (EJB) method invocation, which allows attackers to bypass intended access restrictions for EJB methods.

Read the notes from the security team

Status

Package Ubuntu Release Status
jbossas4 18.10 cosmic Not in release
18.04 LTS bionic Not in release
17.10 artful Not in release
17.04 zesty Not in release
16.10 yakkety Not in release
16.04 LTS xenial Not in release
15.10 wily Not in release
15.04 vivid Not in release
14.10 utopic Ignored end of life
14.04 LTS trusty Not in release
13.10 saucy Ignored end of life
13.04 raring Ignored end of life
12.10 quantal Ignored end of life
12.04 LTS precise Ignored end of life
11.10 oneiric Ignored end of life
10.04 LTS lucid Ignored end of life
8.04 LTS hardy Ignored end of life

Notes

ebarretto

only builds a few libraries, not the full application server

References

Other references

Access our resources on patching vulnerabilities