CVE-2012-2312

Published: Dic 18, 2019 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2012-2305 Aliases: GSD-2012-2312
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,8
Source: [email protected]
Attack Vector: local
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
MEDIUM 4,6
Source: [email protected]
Access Vector: local
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: partial
Availability: partial

Description

AI Translation Available

An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privileges.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0004
Percentile
0,1th
Updated

EPSS Score Trend (Last 91 Days)

269

Improper Privilege Management

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control
Potential Impacts:
Gain Privileges Or Assume Identity
Applicable Platforms
All platforms may be affected
Likelihood of Exploit: Medium
View CWE Details
Application

Jboss Application Server by Redhat

Product Information
Vendor Redhat
Product Jboss Application Server
Version 7.1.1
cpe:2.3:a:redhat:jboss_application_server:7.1.1:*:*:*:community:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Jboss Enterprise Application Platform by Redhat

Product Information
Vendor Redhat
Product Jboss Enterprise Application Platform
Version 6.0.0
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:beta:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Jboss Application Server by Redhat

Product Information
Vendor Redhat
Product Jboss Application Server
Version 7.1.0
cpe:2.3:a:redhat:jboss_application_server:7.1.0:*:*:*:community:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://access.redhat.com/security/cve/cve-2012-2312
Vendor Advisory
https://access.redhat.com/security/cve/cve-2012-2312
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2312
Issue Tracking Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2312
https://security-tracker.debian.org/tracker/CVE-2012-2312
Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2012-2312
https://access.redhat.com/security/cve/cve-2012-2312
Vendor Advisory
https://access.redhat.com/security/cve/cve-2012-2312
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2312
Issue Tracking Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2312
https://security-tracker.debian.org/tracker/CVE-2012-2312
Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2012-2312