CVE-2014-7853
Severity CVSS v4.0:
Pending analysis
Type:
CWE-200
Information Leak / Disclosure
Publication date:
13/02/2015
Last modified:
12/04/2025
Description
The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows remote authenticated users to obtain sensitive information by leveraging access to the security-domain attribute.
Impact
Base Score 2.0
4.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:redhat:jboss_operations_network:3.3.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:* | 6.3.2 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://rhn.redhat.com/errata/RHSA-2015-0215.html
- http://rhn.redhat.com/errata/RHSA-2015-0216.html
- http://rhn.redhat.com/errata/RHSA-2015-0217.html
- http://rhn.redhat.com/errata/RHSA-2015-0218.html
- http://rhn.redhat.com/errata/RHSA-2015-0920.html
- http://www.securitytracker.com/id/1031741
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100891
- http://rhn.redhat.com/errata/RHSA-2015-0215.html
- http://rhn.redhat.com/errata/RHSA-2015-0216.html
- http://rhn.redhat.com/errata/RHSA-2015-0217.html
- http://rhn.redhat.com/errata/RHSA-2015-0218.html
- http://rhn.redhat.com/errata/RHSA-2015-0920.html
- http://www.securitytracker.com/id/1031741
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100891