CVE-2012-2312

{"id": "CVE-2012-2312", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2019-12-18T18:15:15.677", "references": [{"url": "https://access.redhat.com/security/cve/cve-2012-2312", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2312", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://security-tracker.debian.org/tracker/CVE-2012-2312", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/cve-2012-2312", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2312", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security-tracker.debian.org/tracker/CVE-2012-2312", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privileges."}, {"lang": "es", "value": "Se presenta un problema de privilegios elevados en JBoss AS 7 Community Release, debido a la implementaci\u00f3n inapropiada en la propagaci\u00f3n del contexto de seguridad. Se reutiliza una amenaza del grupo de hilos (subprocesos) que a\u00fan conserva el contexto de seguridad del \u00faltimo proceso utilizado, lo que permite a un usuario local obtener privilegios elevados."}], "lastModified": "2024-11-21T01:38:51.913", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_application_server:7.1.0:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "C257394F-F187-4785-8716-9281DDAA6494"}, {"criteria": "cpe:2.3:a:redhat:jboss_application_server:7.1.1:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "296F4B0F-50D0-49F6-8EF4-80AC8EBB1F55"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9444B161-7249-4D9A-B449-92FC8AD952B8"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}