JBoss Enterprise Application Platform CVE-2014-3464 Authorization Security Bypass Vulnerability

Bugtraq ID:	69332
Class:	Design Error
CVE:	CVE-2014-3464
Remote:	Yes
Local:	No
Published:	Aug 21 2014 12:00AM
Updated:	Aug 21 2014 12:00AM
Credit:	The vendor reported this issue.
Vulnerable:
Not Vulnerable:

JBoss Enterprise Application Platform CVE-2014-3464 Authorization Security Bypass Vulnerability

JBoss Enterprise Application Platform is prone to a security-bypass vulnerability.

An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks.

Note: This issue is the result of an incomplete fix for the issue described in 64125 (JBoss Enterprise Application Platform CVE-2013-2133 Authorization Security Bypass Vulnerability)

JBoss Enterprise Application Platform CVE-2014-3464 Authorization Security Bypass Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

JBoss Enterprise Application Platform CVE-2014-3464 Authorization Security Bypass Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

JBoss Enterprise Application Platform CVE-2014-3464 Authorization Security Bypass Vulnerability

References:

• JBoss Enterprise Application Platform Homepage (Red Hat)