  1. WildFly
  2. WFLY-4944

[8.x] CVE-2014-7853 JacORB Subsystem: Information disclosure via incorrect sensitivity classification of attribute

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Done
    • Affects Version/s: 8.0.0.Final, 8.1.0.Final, 8.2.0.Final
    • Fix Version/s: 8.2.1.Final
    • Component/s: IIOP
    • Labels:
      None

      Description

      This is the 8.x version of WFLY-4341.

      It was discovered that the JacORB subsystem incorrectly assigned the socket-binding-ref sensitivity classification to the security-domain attribute. An authenticated user whose role has access to attributes with the socket-binding-ref sensitivity classification, but not to those with the security-domain-ref classification, could use this flaw to access sensitive information present in the security-domain attribute.

                People

                • Assignee: Brian Stansberry (brian.stansberry)
                • Reporter: Brian Stansberry (brian.stansberry)
                • Votes: 0
                • Watchers: 1