CVE-2015-5304
Description
Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does not properly authorize access to shut down the server, which allows remote authenticated users with the Monitor, Deployer, or Auditor role to cause a denial of service via unspecified vectors.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: secalert@redhat.com — https://bugzilla.redhat.com/show_bug.cgi?id=1273046
Vendor advisory: secalert@redhat.com — http://rhn.redhat.com/errata/RHSA-2015-2542.html
Vendor advisory: secalert@redhat.com — http://rhn.redhat.com/errata/RHSA-2015-2541.html
Vendor advisory: secalert@redhat.com — http://rhn.redhat.com/errata/RHSA-2015-2540.html
Vendor advisory: secalert@redhat.com — http://rhn.redhat.com/errata/RHSA-2015-2539.html
Vendor advisory: secalert@redhat.com — http://rhn.redhat.com/errata/RHSA-2015-2538.html
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| redhat | jboss_enterprise_application_platform | {"endIncluding":"6.4.4"} | |
References
- http://rhn.redhat.com/errata/RHSA-2015-2538.html
- http://rhn.redhat.com/errata/RHSA-2015-2539.html
- http://rhn.redhat.com/errata/RHSA-2015-2540.html
- http://rhn.redhat.com/errata/RHSA-2015-2541.html
- http://rhn.redhat.com/errata/RHSA-2015-2542.html
- http://www.securitytracker.com/id/1034280
- https://bugzilla.redhat.com/show_bug.cgi?id=1273046
- http://rhn.redhat.com/errata/RHSA-2015-2538.html
- http://rhn.redhat.com/errata/RHSA-2015-2539.html
- http://rhn.redhat.com/errata/RHSA-2015-2540.html
- http://rhn.redhat.com/errata/RHSA-2015-2541.html
- http://rhn.redhat.com/errata/RHSA-2015-2542.html
- http://www.securitytracker.com/id/1034280
- https://bugzilla.redhat.com/show_bug.cgi?id=1273046
CWEs
CWE-264
Verify integrity in audit chain (admin only). AS-IS.