CVE-2012-2312

An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privileges.

CVSS v3 7.8 HIGH
CVSS v2.0 4.6 MEDIUM

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.6^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://access.redhat.com/security/cve/cve-2012-2312	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2312	Issue Tracking Vendor Advisory
https://security-tracker.debian.org/tracker/CVE-2012-2312	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redhat:jboss_application_server:7.1.0::::community:::
	cpe:2.3:a:redhat:jboss_application_server:7.1.1::::community:::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:beta::::::

History

No history.

Information

Published : 2019-12-18 18:15

Updated : 2023-12-10 13:13

NVD link : CVE-2012-2312

Mitre link : CVE-2012-2312

CVE.ORG link : CVE-2012-2312

JSON object : View

Products Affected

redhat

jboss_application_server
jboss_enterprise_application_platform

CWE

CWE-269

Improper Privilege Management

{"id": "CVE-2012-2312", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2019-12-18T18:15:15.677", "references": [{"url": "https://access.redhat.com/security/cve/cve-2012-2312", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2312", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://security-tracker.debian.org/tracker/CVE-2012-2312", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privileges."}, {"lang": "es", "value": "Se presenta un problema de privilegios elevados en JBoss AS 7 Community Release, debido a la implementaci\u00f3n inapropiada en la propagaci\u00f3n del contexto de seguridad. Se reutiliza una amenaza del grupo de hilos (subprocesos) que a\u00fan conserva el contexto de seguridad del \u00faltimo proceso utilizado, lo que permite a un usuario local obtener privilegios elevados."}], "lastModified": "2019-12-23T20:32:06.563", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_application_server:7.1.0:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "C257394F-F187-4785-8716-9281DDAA6494"}, {"criteria": "cpe:2.3:a:redhat:jboss_application_server:7.1.1:*:*:*:community:*:*:*", "vulnerable": true, "matchCriteriaId": "296F4B0F-50D0-49F6-8EF4-80AC8EBB1F55"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9444B161-7249-4D9A-B449-92FC8AD952B8"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}