CVE-2007-1354

Severity Score

6.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user, which allows remote authenticated administrators to trigger a race condition and gain privileges by logging in during a session by a more privileged administrator, as demonstrated by privilege escalation from Read Mode to Write Mode.

La funcionalidad Control de Acceso (JMXOpsAccessControlFilter) en JMX Console de JBoss Application Server 4.0.2 y 4.0.5 versiones anteriores a 20070416 utiliza una variable miembro para almacenar los roles del usuario actual, lo cual permite a administradores remotos autenticados disparar una condición de carrera y obtener privilegios al identificarse en una sesión, por los de otro administrador con más privilegios, como se demuestra con un escalado de privilegios de Modo Lectura a Modo Escritura.

*Credits: N/A

CVSS Scores

NISTv2 6.0

Attack Vector

Network

Attack Complexity

Medium

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2007-03-08 CVE Reserved
2007-07-27 CVE Published
2024-05-30 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CAPEC

References (7)

URL	Tag	Source
http://osvdb.org/46765	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://jira.jboss.com/jira/browse/ASPATCH-172	2008-11-13
http://jira.jboss.com/jira/browse/ASPATCH-175	2008-11-13
http://rhn.redhat.com/errata/RHSA-2007-0151.html	2008-11-13
http://www.redhat.com/archives/jboss-watch-list/2007-April/msg00000.html	2008-11-13

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2007-1354	2007-04-16
https://bugzilla.redhat.com/show_bug.cgi?id=1618298	2007-04-16

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Jboss Search vendor "Jboss"		Jboss Application Server Search vendor "Jboss" for product "Jboss Application Server"				4.0.2.ga_cp02 Search vendor "Jboss" for product "Jboss Application Server" and version "4.0.2.ga_cp02"		-		Affected
Jboss Search vendor "Jboss"		Jboss Application Server Search vendor "Jboss" for product "Jboss Application Server"				4.0.2.ga_cp03 Search vendor "Jboss" for product "Jboss Application Server" and version "4.0.2.ga_cp03"		-		Affected
Jboss Search vendor "Jboss"		Jboss Application Server Search vendor "Jboss" for product "Jboss Application Server"				4.0.2.ga_cp04 Search vendor "Jboss" for product "Jboss Application Server" and version "4.0.2.ga_cp04"		-		Affected
Jboss Search vendor "Jboss"		Jboss Application Server Search vendor "Jboss" for product "Jboss Application Server"				4.0.5.ga Search vendor "Jboss" for product "Jboss Application Server" and version "4.0.5.ga"		-		Affected
Jboss Search vendor "Jboss"		Jboss Application Server Search vendor "Jboss" for product "Jboss Application Server"				4.0.5_cp01 Search vendor "Jboss" for product "Jboss Application Server" and version "4.0.5_cp01"		-		Affected
Jboss Search vendor "Jboss"		Jboss Application Server Search vendor "Jboss" for product "Jboss Application Server"				4.0.5_cp02 Search vendor "Jboss" for product "Jboss Application Server" and version "4.0.5_cp02"		-		Affected