[jboss-jira] [JBoss JIRA] (WFLY-4944) [8.x] CVE-2014-7853 JacORB Subsystem: Information disclosure via incorrect sensitivity classification of attribute
Jason Greene (JIRA)
issues at jboss.org
Fri Jul 24 00:12:02 EDT 2015
[ https://issues.jboss.org/browse/WFLY-4944?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jason Greene updated WFLY-4944:
-------------------------------
Security: (was: Security Issue)
> [8.x] CVE-2014-7853 JacORB Subsystem: Information disclosure via incorrect sensitivity classification of attribute
> ------------------------------------------------------------------------------------------------------------------
>
> Key: WFLY-4944
> URL: https://issues.jboss.org/browse/WFLY-4944
> Project: WildFly
> Issue Type: Bug
> Components: IIOP
> Affects Versions: 8.0.0.Final, 8.1.0.Final, 8.2.0.Final
> Reporter: Brian Stansberry
> Assignee: Brian Stansberry
> Fix For: 8.2.1.Final
>
>
> This is the 8.x version of WFLY-4341.
> It was discovered that the JacORB subsystem incorrectly assigned socket-binding-ref sensitivity classification for the security-domain attribute. An authenticated user with a role that has access to attributes with socket-binding-ref and not security-domain-ref sensitivity classification could use this flaw to access sensitive information present in the security-domain attribute.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)