Vulnerability Details CVE-2014-0018
Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.0 and JBoss WildFly Application Server, when run under a security manager, do not properly restrict access to the Modular Service Container (MSC) service registry, which allows local users to modify the server via a crafted deployment.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 19.8%
CVSS Severity
CVSS v2 Score 1.9
References
- http://rhn.redhat.com/errata/RHSA-2014-0170.html
- http://rhn.redhat.com/errata/RHSA-2014-0171.html
- http://rhn.redhat.com/errata/RHSA-2014-0172.html
- http://www.securityfocus.com/bid/65591
- https://bugzilla.redhat.com/show_bug.cgi?id=1052783
- http://rhn.redhat.com/errata/RHSA-2014-0170.html
- http://rhn.redhat.com/errata/RHSA-2014-0171.html
- http://rhn.redhat.com/errata/RHSA-2014-0172.html
- http://www.securityfocus.com/bid/65591
- https://bugzilla.redhat.com/show_bug.cgi?id=1052783
Products affected by CVE-2014-0018
-
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.0
-
cpe:2.3:a:redhat:jboss_wildfly_application_server:-