CVE-2014-7853

Current Description

The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain sensitive information by leveraging access to the security-domain attribute.

Basic Data

Published: February 13, 2015
Last Modified: September 08, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-200
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: SINGLE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 4.0
Severity: MEDIUM
Exploitability Score: 8.0
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Redhat | Jboss Operations Network | 3.3.1 | * | * | * | * | * | * | * | | | |
  • OR - Configuration 2
    Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding
    2.3 | Application | Redhat | Jboss Enterprise Application Platform | * | * | * | * | * | * | * | * | | 6.3.2 | |

Vulnerable Software List

Vendor | Product | Versions
Redhat | Jboss Enterprise Application Platform | *
Redhat | Jboss Operations Network | 3.3.1

References

Name | Source | URL | Tags
RHSA-2015:0215 | REDHAT | http://rhn.redhat.com/errata/RHSA-2015-0215.html | Vendor Advisory
RHSA-2015:0216 | REDHAT | http://rhn.redhat.com/errata/RHSA-2015-0216.html | Vendor Advisory
RHSA-2015:0217 | REDHAT | http://rhn.redhat.com/errata/RHSA-2015-0217.html | Vendor Advisory
RHSA-2015:0218 | REDHAT | http://rhn.redhat.com/errata/RHSA-2015-0218.html | Vendor Advisory
RHSA-2015:0920 | REDHAT | http://rhn.redhat.com/errata/RHSA-2015-0920.html | Vendor Advisory
1031741 | SECTRACK | http://www.securitytracker.com/id/1031741 |
redhat-jboss-cve20147853-info-disc(100891) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/100891 |