Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Jboss EAP Permissions Privileges and Access Controls Vulnerability - CVE-2012-3369 - Vulnerability Database
Jboss EAP

Jboss EAP Permissions Privileges and Access Controls Vulnerability - CVE-2012-3369

Medium
Reference: CVE-2012-3369
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2012-3369
Title: Jboss EAP Permissions Privileges and Access Controls Vulnerability
Overview:

The CallerIdentityLoginModule in JBoss Enterprise Application Platform (EAP) before 5.2.0 Web Platform (EWP) before 5.2.0 BRMS Platform before 5.3.1 and SOA Platform before 5.3.1 allows remote attackers to gain privileges of the previous user via a null password which causes the previous user39s password to be used.