CVE-2014-8122

Current Description

Race condition in JBoss Weld before 2.2.8 and 3.x before 3.0.0 Alpha3 allows remote attackers to obtain information from a previous conversation via vectors related to a stale thread state.

Basic Data

Published: February 13, 2015
Last Modified: September 08, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-362
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: NONE
CVSS 2 - Base Score: 4.3
Severity: MEDIUM
Exploitability Score: 8.6
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
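    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Redhat | Jboss Weld | * | * | * | * | * | * | * | * | | 2.2.7 | | |
    | 2.3 | Application | Redhat | Jboss Weld | 3.0.0 | alpha1 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Redhat | Jboss Weld | 3.0.0 | alpha2 | * | * | * | * | * | * | | | | |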

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Redhat | Jboss Weld | *, 3.0.0 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| RHSA-2015:0215 | REDHAT | http://rhn.redhat.com/errata/RHSA-2015-0215.html | Vendor Advisory |
| RHSA-2015:0216 | REDHAT | http://rhn.redhat.com/errata/RHSA-2015-0216.html | Vendor Advisory |
| RHSA-2015:0217 | REDHAT | http://rhn.redhat.com/errata/RHSA-2015-0217.html | Vendor Advisory |
| RHSA-2015:0218 | REDHAT | http://rhn.redhat.com/errata/RHSA-2015-0218.html | Vendor Advisory |
| RHSA-2015:0675 | REDHAT | http://rhn.redhat.com/errata/RHSA-2015-0675.html | |
| RHSA-2015:0773 | REDHAT | http://rhn.redhat.com/errata/RHSA-2015-0773.html | |
| RHSA-2015:0850 | REDHAT | http://rhn.redhat.com/errata/RHSA-2015-0850.html | |
| RHSA-2015:0851 | REDHAT | http://rhn.redhat.com/errata/RHSA-2015-0851.html | |
| RHSA-2015:0920 | REDHAT | http://rhn.redhat.com/errata/RHSA-2015-0920.html | |
| 74252 | BID | http://www.securityfocus.com/bid/74252 | |
| 1031741 | SECTRACK | http://www.securitytracker.com/id/1031741 | |
| redhat-jboss-cve20148122-info-disc(100892) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/100892 | |
| https://github.com/victims/victims-cve-db/blob/master/database/java/2014/8122.yaml | MISC | https://github.com/victims/victims-cve-db/blob/master/database/java/2014/8122.yaml | |
| https://github.com/weld/core/commit/29fd1107fd30579ad9bb23fae4dc3ba464205745 | CONFIRM | https://github.com/weld/core/commit/29fd1107fd30579ad9bb23fae4dc3ba464205745 | |
| https://github.com/weld/core/commit/6808b11cd6d97c71a2eed754ed4f955acd789086 | CONFIRM | https://github.com/weld/core/commit/6808b11cd6d97c71a2eed754ed4f955acd789086 | |
| https://github.com/weld/core/commit/8e413202fa1af08c09c580f444e4fd16874f9c65 | CONFIRM | https://github.com/weld/core/commit/8e413202fa1af08c09c580f444e4fd16874f9c65 | |