Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and JBoss Portal before 6.1.0 does not load the implementation of a custom authorization module for a new application when an implementation is already loaded and the modules share class names, which allows local users to control certain applications authorization decisions via a crafted application.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Jboss_enterprise_application_platform | Redhat | * | 6.0.1 (including) |
Jboss_enterprise_application_platform | Redhat | 4.2.0 (including) | 4.2.0 (including) |
Jboss_enterprise_application_platform | Redhat | 4.3.0 (including) | 4.3.0 (including) |
Jboss_enterprise_application_platform | Redhat | 5.0.0 (including) | 5.0.0 (including) |
Jboss_enterprise_application_platform | Redhat | 5.0.1 (including) | 5.0.1 (including) |
Jboss_enterprise_application_platform | Redhat | 5.1.0 (including) | 5.1.0 (including) |
Jboss_enterprise_application_platform | Redhat | 5.1.1 (including) | 5.1.1 (including) |
Jboss_enterprise_application_platform | Redhat | 5.1.2 (including) | 5.1.2 (including) |
Jboss_enterprise_application_platform | Redhat | 5.2.0 (including) | 5.2.0 (including) |
Jboss_enterprise_application_platform | Redhat | 5.2.1 (including) | 5.2.1 (including) |
Jboss_enterprise_application_platform | Redhat | 5.2.2 (including) | 5.2.2 (including) |
Jboss_enterprise_application_platform | Redhat | 6.0.0 (including) | 6.0.0 (including) |