RHSA-2007:0151
Vulnerability from csaf_redhat
Published: 2007-04-16 14:38
Modified: 2025-10-09 12:57
Summary
Red Hat Security Advisory: JBoss Application Server security update
Notes
Topic
Updated versions of JBoss Application Server that fix a security issue are
now available.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
Details
The JBoss Application Server is a powerful J2EE application server.
A flaw was found in the JMX Console fine-grained Access Control feature.
An administrator with 'Read Mode' privileges to the JMX service could
gain additional privileges if another administrator who had 'Write Mode'
privileges was logged into and accessed the console at the same time.
(CVE-2007-1354)
Note: Fine-grained Access Control was first added to JBoss Application
Server in June 2006; earlier versions are not affected by this issue.
Known vulnerable versions include: JBoss AS 4.0.2.GA_CP02, 4.0.2.GA_CP03,
4.0.2.GA_CP04, 4.0.5.GA, 4.0.5_CP01, and 4.0.5_CP02.
This vulnerability has been fixed and does not affect JBoss AS releases
5.0.0.Beta2, 4.2.0.GA, 4.0.5.SP1, 3.2.8.SP2, and cumulative patches
4.0.5.GA_CP03, 4.0.2.GA_CP05, 4.0.4.GA_CP06, 4.0.3.SP1_CP05, and
3.2.8.SP1_CP01.
Users with an affected installation of JBoss Application Server who rely on
granting read-only privileges to the console should upgrade to one of these
updated versions.
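The race behind CVE-2007-1354 comes from an access-control filter keeping the current user's roles in a member variable, which one filter instance shares across all concurrent requests. The Java sketch below is an added illustration of that defect and its fix, not JBoss's own JMXOpsAccessControlFilter; the class names, the RoleUtil helper and the "WriteMode"/"ReadMode" role names are assumptions, and it targets the javax.servlet API.

```java
import java.io.IOException;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
// Assumed helpers. "WriteMode"/"ReadMode" are placeholder role names standing in
// for whatever roles the deployment's security domain actually defines.
final class RoleUtil {
    static Set<String> rolesOf(HttpServletRequest http) {
        Set<String> roles = new HashSet<>();
        for (String name : new String[] {"WriteMode", "ReadMode"}) {
            if (http.isUserInRole(name)) roles.add(name);
        }
        return roles;
    }
    // Simplified stand-in for "does this request change MBean state?"
    static boolean isWriteOperation(HttpServletRequest http) {
        return !"GET".equals(http.getMethod());
    }
}
// VULNERABLE PATTERN: the container creates one Filter instance and calls
// doFilter() on it from many threads at once, so the field below is shared.
// Request B (ReadMode) stores its roles, request A (WriteMode) overwrites the
// field, then B's check reads A's roles and lets B's write operation through.
class SharedRoleFilter implements Filter {
    private Set<String> roles; // per-request data in a shared field: the defect
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        roles = RoleUtil.rolesOf(http); // clobbers whatever another thread stored
        if (RoleUtil.isWriteOperation(http) && !roles.contains("WriteMode"))
            throw new ServletException("write access denied");
        chain.doFilter(req, res);
    }
    public void init(FilterConfig cfg) {} public void destroy() {}
}
// HARDENED FORM: a local variable lives on the calling thread's stack, so each
// request evaluates only its own roles and no interleaving can leak privileges.
class RequestScopedRoleFilter implements Filter {
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        Set<String> roles = RoleUtil.rolesOf(http); // one copy per request
        if (RoleUtil.isWriteOperation(http) && !roles.contains("WriteMode"))
            throw new ServletException("write access denied");
        chain.doFilter(req, res);
    }
    public void init(FilterConfig cfg) {} public void destroy() {}
}
```

When reviewing a filter or valve for this class of bug, any instance field written inside doFilter() and read later in the same call is the signal to look for; per-request state belongs in locals or request attributes.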
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Low" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated versions of JBoss Application Server that fix a security issue are\nnow available.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team.", "title": "Topic" }, { "category": "general", "text": "The JBoss Application Server is a powerful J2EE application server.\n\nA flaw was found in the JMX Console fine-grained Access Control feature.\nAn administrator with \u0027Read Mode\u0027 privileges to the JMX service could\ngain additional privileges if another administrator who had \u0027Write Mode\u0027\nprivileges was logged into and accessed the console at the same time.\n(CVE-2007-1354)\n\nNote: Fine-grained Access Control was first added to JBoss Application\nServer in June 2006; earlier versions are not affected by this issue.\n\nKnown vulnerable versions include: JBoss AS 4.0.2.GA_CP02, 4.0.2.GA_CP03,\n4.0.2.GA_CP04, 4.0.5.GA, 4.0.5_CP01, and 4.0.5_CP02.\n\nThis vulnerability is rectified and does not affect JBoss AS releases\n5.0.0.Beta2, 4.2.0.GA, 4.0.5.SP1, 3.2.8.SP2, and cumulative patches\n4.0.5.GA_CP03, 4.0.2.GA_CP05, 4.0.4.GA_CP06, 4.0.3.SP1_CP05, and\n3.2.8.SP1_CP01.\n\nUsers with an affected installation of JBoss Application Server who rely on\ngranting read-only privileges to the console should upgrade to one of these\nupdated versions.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). 
If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2007:0151", "url": "https://access.redhat.com/errata/RHSA-2007:0151" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#low", "url": "https://access.redhat.com/security/updates/classification/#low" }, { "category": "external", "summary": "http://jira.jboss.com/jira/browse/ASPATCH-172", "url": "http://jira.jboss.com/jira/browse/ASPATCH-172" }, { "category": "external", "summary": "http://jira.jboss.com/jira/browse/ASPATCH-175", "url": "http://jira.jboss.com/jira/browse/ASPATCH-175" }, { "category": "external", "summary": "http://wiki.jboss.org/wiki/Wiki.jsp?page=AccessControlForJMXConsole", "url": "http://wiki.jboss.org/wiki/Wiki.jsp?page=AccessControlForJMXConsole" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2007/rhsa-2007_0151.json" } ], "title": "Red Hat Security Advisory: JBoss Application Server security update", "tracking": { "current_release_date": "2025-10-09T12:57:42+00:00", "generator": { "date": "2025-10-09T12:57:42+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.6.9" } }, "id": "RHSA-2007:0151", "initial_release_date": "2007-04-16T14:38:00+00:00", "revision_history": [ { "date": "2007-04-16T14:38:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2007-04-16T10:38:41+00:00", "number": "2", "summary": "Last updated version" }, { 
"date": "2025-10-09T12:57:42+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "JBoss Application Server 4", "product": { "name": "JBoss Application Server 4", "product_id": "JBoss Application Server 4", "product_identification_helper": { "cpe": "cpe:/a:redhat:jboss_application_server:4" } } } ], "category": "product_family", "name": "Red Hat JBoss Application Server" } ], "category": "vendor", "name": "Red Hat" } ] }, "vulnerabilities": [ { "cve": "CVE-2007-1354", "discovery_date": "2007-03-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1618298" } ], "notes": [ { "category": "description", "text": "The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.5 before 20070416 uses a member variable to store the roles of the current user, which allows remote authenticated administrators to trigger a race condition and gain privileges by logging in during a session by a more privileged administrator, as demonstrated by privilege escalation from Read Mode to Write Mode.", "title": "Vulnerability description" }, { "category": "summary", "text": "security flaw", "title": "Vulnerability summary" } ], "product_status": { "fixed": [ "JBoss Application Server 4" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2007-1354" }, { "category": "external", "summary": "RHBZ#1618298", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1618298" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2007-1354", "url": "https://www.cve.org/CVERecord?id=CVE-2007-1354" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2007-1354", "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-1354" } ], "release_date": 
"2007-04-15T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2007-04-16T14:38:00+00:00", "details": "Updates are available from the JBoss Customer Support Portal (CSP)\nat https://network.jboss.com/", "product_ids": [ "JBoss Application Server 4" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2007:0151" } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "security flaw" } ] }