CVE-2014-0018
jboss-as-server: Unchecked access to MSC Service Registry under JSM
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.0 and JBoss WildFly Application Server, when run under a security manager, do not properly restrict access to the Modular Service Container (MSC) service registry, which allows local users to modify the server via a crafted deployment.
Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.0 y JBoss WildFly Application Server, cuando es ejecutado bajo un gestor de seguridad, no restringe debidamente el acceso al registro del servicio Modular Service Container (MSC), lo que permite a usuarios locales modificar el servidor a través de una implementación manipulada.
In Red Hat JBoss Enterprise Application Platform, when running under a security manager, it was possible for deployed code to get access to the Modular Service Container (MSC) service registry without any permission checks. This could allow malicious deployments to modify the internal state of the server in various ways.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-12-03 CVE Reserved
- 2014-02-13 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/65591 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2014-0170.html | 2017-01-07 | |
| http://rhn.redhat.com/errata/RHSA-2014-0171.html | 2017-01-07 | |
| http://rhn.redhat.com/errata/RHSA-2014-0172.html | 2017-01-07 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1052783 | 2015-05-14 | |
| https://access.redhat.com/security/cve/CVE-2014-0018 | 2015-05-14 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform" | 6.2.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "6.2.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Jboss Wildfly Application Server Search vendor "Redhat" for product "Jboss Wildfly Application Server" | - | - |
Affected
| ||||||