CVE-2012-0874
EMC Data Protection Advisor DPA Illuminator - EJBInvokerServlet Remote Code Execution
Public Exploits: 2
Exploited in Wild: -
Description
The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow remote attackers to invoke MBean methods and execute arbitrary code via unspecified vectors. NOTE: this issue can only be exploited when the interceptor is not properly configured with a "second layer of authentication," or when used in conjunction with other vulnerabilities that bypass this second layer.
SSVC
- Decision: -
Timeline
- 2012-01-19 CVE Reserved
- 2013-01-25 CVE Published
- 2013-12-11 First Exploit
- 2023-08-24 EPSS Updated
- 2024-08-06 CVE Updated
- (no date recorded) Exploited in Wild
- (no date recorded) KEV Due Date
CWE
- CWE-287: Improper Authentication
References (20)
| URL | Tag | Source |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2013-12/0134.html | Mailing List | |
| http://securitytracker.com/id?1028042 | Vdb Entry | |
| http://www.securityfocus.com/bid/57552 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/81511 | Vdb Entry | |

| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/30211 | 2013-12-11 | |
| http://www.exploit-db.com/exploits/30211 | 2024-08-06 | |

| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2013-0191.html | 2023-11-07 | |
| http://rhn.redhat.com/errata/RHSA-2013-0192.html | 2023-11-07 | |
| http://rhn.redhat.com/errata/RHSA-2013-0193.html | 2023-11-07 | |
| http://rhn.redhat.com/errata/RHSA-2013-0194.html | 2023-11-07 | |
| http://rhn.redhat.com/errata/RHSA-2013-0195.html | 2023-11-07 | |
| http://rhn.redhat.com/errata/RHSA-2013-0196.html | 2023-11-07 | |
| http://rhn.redhat.com/errata/RHSA-2013-0197.html | 2023-11-07 | |
| http://rhn.redhat.com/errata/RHSA-2013-0198.html | 2023-11-07 | |
| http://rhn.redhat.com/errata/RHSA-2013-0221.html | 2023-11-07 | |
| http://rhn.redhat.com/errata/RHSA-2013-0533.html | 2023-11-07 | |
| http://secunia.com/advisories/51984 | 2023-11-07 | |
| http://secunia.com/advisories/52054 | 2023-11-07 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=795645 | 2013-02-20 | |
| https://access.redhat.com/security/cve/CVE-2012-0874 | 2013-02-20 | |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Redhat | Jboss Enterprise Application Platform | 5.2.0 | - | Affected |
| Redhat | Jboss Enterprise Web Platform | 5.2.0 | - | Affected |
| Redhat | Jboss Enterprise Brms Platform | <= 5.3.0 | - | Affected |