CVE-2014-0018 Information

Description

Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.0 and JBoss WildFly Application Server when run under a security manager do not properly restrict access to the Modular Service Container (MSC) service registry which allows local users to modify the server via a crafted deployment.

Reference

http://rhn.redhat.com/errata/RHSA-2014-0170.html http://rhn.redhat.com/errata/RHSA-2014-0171.html http://rhn.redhat.com/errata/RHSA-2014-0172.html http://www.securityfocus.com/bid/65591 https://bugzilla.redhat.com/show_bug.cgi?id=1052783