CVE-2014-0093 Information

Description

Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2 when using a Java Security Manager (JSM) does not properly apply permissions defined by a policy file which causes applications to be granted the java.security.AllPermission permission and allows remote attackers to bypass intended access restrictions.

Reference

http://rhn.redhat.com/errata/RHSA-2014-0343.html http://rhn.redhat.com/errata/RHSA-2014-0344.html http://rhn.redhat.com/errata/RHSA-2014-0345.html http://secunia.com/advisories/57675 http://www.securityfocus.com/bid/66596