Uploaded image for project: 'JBoss Enterprise Application Platform 4 and 5'
  1. JBoss Enterprise Application Platform 4 and 5
  2. JBPAPP-5322

web-console authentication bypass

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Critical Critical
    • 4.3.0.GA_CP09
    • 4.3.0.GA_CP09
    • Web
    • None
    • Not Required

      This security issue has not been fixed in web-console EAP 4.3.0_CP09_CR1 release. It's regression against EAP 4.3.0_CP08 where it was fixed.

      http://hudson.qa.jboss.com/hudson/view/EAP%204.3/job/eap43-as-secured/3/

      These 3 files should be fixed in JBPAPP_4_2_0_GA_CP branch:
      ./console/src/resources/webconsole.war/WEB-INF/web.xml
      ./ejb3/src/resources/test-configs/cc/deploy/management/console-mgr.sar/web-console.war/WEB-INF/web.xml
      ./testsuite/src/resources/test-configs/cc/deploy/management/console-mgr.sar/web-console.war/WEB-INF/web.xml

              mbenitez@redhat.com Martha Benitez
              rsvoboda@redhat.com Rostislav Svoboda
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Created:
                Updated:
                Resolved: