[jboss-jira] [JBoss JIRA] (WFLY-4341) CVE-2014-7853 JacORB Subsystem: Information disclosure via incorrect sensitivity classification of attribute

Brian Stansberry (JIRA) issues at jboss.org
Thu Feb 12 15:51:49 EST 2015


     [ https://issues.jboss.org/browse/WFLY-4341?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Brian Stansberry updated WFLY-4341:
-----------------------------------
    Summary: CVE-2014-7853 JacORB Subsystem: Information disclosure via incorrect sensitivity classification of attribute  (was: CVE-2014-7853 JBoss AS/WildFly JacORB Subsystem: Information disclosure via incorrect sensitivity classification of attribute)


> CVE-2014-7853 JacORB Subsystem: Information disclosure via incorrect sensitivity classification of attribute
> ------------------------------------------------------------------------------------------------------------
>
>                 Key: WFLY-4341
>                 URL: https://issues.jboss.org/browse/WFLY-4341
>             Project: WildFly
>          Issue Type: Bug
>          Components: IIOP
>    Affects Versions: 8.0.0.Final, 8.1.0.Final, 8.2.0.Final, 9.0.0.Alpha1
>            Reporter: Brian Stansberry
>            Assignee: Brian Stansberry
>             Fix For: 9.0.0.Beta1
>
>
> It was discovered that the JacORB subsystem incorrectly assigned socket-binding-ref sensitivity classification for the security-domain attribute. An authenticated user with a role that has access to attributes with socket-binding-ref and not security-domain-ref sensitivity classification could use this flaw to access sensitive information present in the security-domain attribute.



--
This message was sent by Atlassian JIRA
(v6.3.11#6341)
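
A defender-side check for the misclassification described in the issue above, as an added example that is not part of the original message or of WildFly's code: it walks a resource description exported as JSON and reports attributes whose sensitive classification is not the expected one. The JSON shape (`attributes` / `access-constraints` / `sensitive`, `children` / `model-description`), the name-to-classification mapping and the sample resource names are assumptions constructed for illustration.

```python
import json

# Assumed convention for this check: an attribute with this name is expected
# to carry this sensitive classification.
EXPECTED = {"security-domain": "security-domain-ref",
            "socket-binding": "socket-binding-ref"}

def audit(description, path=""):
    """Return (path, attribute, found, expected) for every mismatch."""
    findings = []
    for name, attr in (description.get("attributes") or {}).items():
        expected = EXPECTED.get(name)
        if expected is None:
            continue  # attribute name is not covered by this check
        constraints = (attr.get("access-constraints") or {}).get("sensitive") or {}
        found = sorted(constraints)
        if expected not in found:
            findings.append((path or "/", name, found, expected))
    # Recurse into child resource descriptions; a child model may be null.
    for child_type, child in (description.get("children") or {}).items():
        for child_name, model in (child.get("model-description") or {}).items():
            findings += audit(model or {}, f"{path}/{child_type}={child_name}")
    return findings

# Constructed sample: one resource with the wrong classification on
# security-domain, one with the corrected classification. Resource names are
# hypothetical.
SAMPLE = json.loads("""
{"children": {"subsystem": {"model-description": {
  "constructed-before": {"attributes": {
    "security-domain": {"access-constraints":
      {"sensitive": {"socket-binding-ref": {"type": "core"}}}},
    "socket-binding": {"access-constraints":
      {"sensitive": {"socket-binding-ref": {"type": "core"}}}},
    "name": {}}},
  "constructed-after": {"attributes": {
    "security-domain": {"access-constraints":
      {"sensitive": {"security-domain-ref": {"type": "core"}}}}}},
  "constructed-empty": null
}}}}
""")

if __name__ == "__main__":
    for path, attr, found, expected in audit(SAMPLE):
        print(f"{path}: {attr} classified as {found}, expected {expected}")
```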

