RHSA-2007_0151

Vulnerability from csaf_redhat - Published: 2007-04-16 14:38 - Updated: 2024-11-22 00:58
Summary
Red Hat Security Advisory: JBoss Application Server security update

Notes

Topic
Updated versions of JBoss Application Server that fix a security issue are now available. This update has been rated as having low security impact by the Red Hat Security Response Team.
Details
The JBoss Application Server is a powerful J2EE application server.

A flaw was found in the JMX Console fine-grained Access Control feature. An administrator with 'Read Mode' privileges to the JMX service could gain additional privileges if another administrator who had 'Write Mode' privileges was logged into and accessed the console at the same time. (CVE-2007-1354)

Note: Fine-grained Access Control was first added to JBoss Application Server in June 2006; earlier versions are not affected by this issue.

Known vulnerable versions include: JBoss AS 4.0.2.GA_CP02, 4.0.2.GA_CP03, 4.0.2.GA_CP04, 4.0.5.GA, 4.0.5_CP01, and 4.0.5_CP02.

This vulnerability is rectified and does not affect JBoss AS releases 5.0.0.Beta2, 4.2.0.GA, 4.0.5.SP1, 3.2.8.SP2, and cumulative patches 4.0.5.GA_CP03, 4.0.2.GA_CP05, 4.0.4.GA_CP06, 4.0.3.SP1_CP05, and 3.2.8.SP1_CP01.

Users with an affected installation of JBoss Application Server who rely on granting read-only privileges to the console should upgrade to one of these updated versions.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated versions of JBoss Application Server that fix a security issue are\nnow available.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The JBoss Application Server is a powerful J2EE application server.\n\nA flaw was found in the JMX Console fine-grained Access Control feature.\nAn administrator with \u0027Read Mode\u0027 privileges to the JMX service could\ngain additional privileges if another administrator who had \u0027Write Mode\u0027\nprivileges was logged into and accessed the console at the same time.\n(CVE-2007-1354)\n\nNote: Fine-grained Access Control was first added to JBoss Application\nServer in June 2006; earlier versions are not affected by this issue.\n\nKnown vulnerable versions include: JBoss AS 4.0.2.GA_CP02, 4.0.2.GA_CP03,\n4.0.2.GA_CP04, 4.0.5.GA, 4.0.5_CP01, and 4.0.5_CP02.\n\nThis vulnerability is rectified and does not affect JBoss AS releases\n5.0.0.Beta2, 4.2.0.GA, 4.0.5.SP1, 3.2.8.SP2, and cumulative patches\n4.0.5.GA_CP03, 4.0.2.GA_CP05, 4.0.4.GA_CP06, 4.0.3.SP1_CP05, and\n3.2.8.SP1_CP01.\n\nUsers with an affected installation of JBoss Application Server who rely on\ngranting read-only privileges to the console should upgrade to one of these\nupdated versions.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2007:0151",
        "url": "https://access.redhat.com/errata/RHSA-2007:0151"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#low",
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "category": "external",
        "summary": "http://jira.jboss.com/jira/browse/ASPATCH-172",
        "url": "http://jira.jboss.com/jira/browse/ASPATCH-172"
      },
      {
        "category": "external",
        "summary": "http://jira.jboss.com/jira/browse/ASPATCH-175",
        "url": "http://jira.jboss.com/jira/browse/ASPATCH-175"
      },
      {
        "category": "external",
        "summary": "http://wiki.jboss.org/wiki/Wiki.jsp?page=AccessControlForJMXConsole",
        "url": "http://wiki.jboss.org/wiki/Wiki.jsp?page=AccessControlForJMXConsole"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2007/rhsa-2007_0151.json"
      }
    ],
    "title": "Red Hat Security Advisory: JBoss Application Server security update",
    "tracking": {
      "current_release_date": "2024-11-22T00:58:36+00:00",
      "generator": {
        "date": "2024-11-22T00:58:36+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2007:0151",
      "initial_release_date": "2007-04-16T14:38:00+00:00",
      "revision_history": [
        {
          "date": "2007-04-16T14:38:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2007-04-16T10:38:41+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T00:58:36+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "JBoss Application Server 4",
                "product": {
                  "name": "JBoss Application Server 4",
                  "product_id": "JBoss Application Server 4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_application_server:4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Application Server"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2007-1354",
      "discovery_date": "2007-03-22T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1618298"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user, which allows remote authenticated administrators to trigger a race condition and gain privileges by logging in during a session by a more privileged administrator, as demonstrated by privilege escalation from Read Mode to Write Mode.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "JBoss Application Server 4"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2007-1354"
        },
        {
          "category": "external",
          "summary": "RHBZ#1618298",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618298"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1354",
          "url": "https://www.cve.org/CVERecord?id=CVE-2007-1354"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1354",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1354"
        }
      ],
      "release_date": "2007-04-15T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2007-04-16T14:38:00+00:00",
          "details": "Updates are available from the JBoss Customer Support Portal (CSP)\nat https://network.jboss.com/",
          "product_ids": [
            "JBoss Application Server 4"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2007:0151"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "security flaw"
    }
  ]
}

