Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before 3.0.1 does not check the JON agent key, which allows remote attackers to spoof the identity of arbitrary agents via the registered agent name.
References
Link | Resource |
---|---|
http://rhn.redhat.com/errata/RHSA-2012-0089.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2012-0406.html | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=781964 | |
http://rhn.redhat.com/errata/RHSA-2012-0089.html | Vendor Advisory |
http://rhn.redhat.com/errata/RHSA-2012-0406.html | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=781964 |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:34
Type | Values Removed | Values Added |
---|---|---|
References | () http://rhn.redhat.com/errata/RHSA-2012-0089.html - Vendor Advisory | |
References | () http://rhn.redhat.com/errata/RHSA-2012-0406.html - Vendor Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=781964 - |
Information
Published : 2014-02-14 15:55
Updated : 2024-11-21 01:34
NVD link : CVE-2012-0052
Mitre link : CVE-2012-0052
CVE.ORG link : CVE-2012-0052
JSON object : View
Products Affected
redhat
- jboss_operations_network
CWE
CWE-20
Improper Input Validation