CVE-2007-1354

Severity Score

6.6

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user, which allows remote authenticated administrators to trigger a race condition and gain privileges by logging in during a session by a more privileged administrator, as demonstrated by privilege escalation from Read Mode to Write Mode.

La funcionalidad Control de Acceso (JMXOpsAccessControlFilter) en JMX Console de JBoss Application Server 4.0.2 y 4.0.5 versiones anteriores a 20070416 utiliza una variable miembro para almacenar los roles del usuario actual, lo cual permite a administradores remotos autenticados disparar una condición de carrera y obtener privilegios al identificarse en una sesión, por los de otro administrador con más privilegios, como se demuestra con un escalado de privilegios de Modo Lectura a Modo Escritura.

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-03-08 CVE Reserved
2007-07-27 CVE Published
2024-05-30 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (7)

URL	Tag	Source
http://osvdb.org/46765	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://jira.jboss.com/jira/browse/ASPATCH-172	2008-11-13
http://jira.jboss.com/jira/browse/ASPATCH-175	2008-11-13
http://rhn.redhat.com/errata/RHSA-2007-0151.html	2008-11-13
http://www.redhat.com/archives/jboss-watch-list/2007-April/msg00000.html	2008-11-13

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2007-1354	2007-04-16
https://bugzilla.redhat.com/show_bug.cgi?id=1618298	2007-04-16

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Jboss Search vendor "Jboss"		Jboss Application Server Search vendor "Jboss" for product "Jboss Application Server"				4.0.2.ga_cp02 Search vendor "Jboss" for product "Jboss Application Server" and version "4.0.2.ga_cp02"		-		Affected
Jboss Search vendor "Jboss"		Jboss Application Server Search vendor "Jboss" for product "Jboss Application Server"				4.0.2.ga_cp03 Search vendor "Jboss" for product "Jboss Application Server" and version "4.0.2.ga_cp03"		-		Affected
Jboss Search vendor "Jboss"		Jboss Application Server Search vendor "Jboss" for product "Jboss Application Server"				4.0.2.ga_cp04 Search vendor "Jboss" for product "Jboss Application Server" and version "4.0.2.ga_cp04"		-		Affected
Jboss Search vendor "Jboss"		Jboss Application Server Search vendor "Jboss" for product "Jboss Application Server"				4.0.5.ga Search vendor "Jboss" for product "Jboss Application Server" and version "4.0.5.ga"		-		Affected
Jboss Search vendor "Jboss"		Jboss Application Server Search vendor "Jboss" for product "Jboss Application Server"				4.0.5_cp01 Search vendor "Jboss" for product "Jboss Application Server" and version "4.0.5_cp01"		-		Affected
Jboss Search vendor "Jboss"		Jboss Application Server Search vendor "Jboss" for product "Jboss Application Server"				4.0.5_cp02 Search vendor "Jboss" for product "Jboss Application Server" and version "4.0.5_cp02"		-		Affected