CVE-2014-0245 Information

Description

It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint under high-concurrency scenarios or scenarios where SOAP messages take long to execute it was possible for an unauthenticated remote attacker to gain privileged information if WS-Security is enabled for the WSRP Consumer and the endpoint in question is being used by a privileged user. This affects JBoss Portal 6.2.0.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://access.redhat.com/errata/RHSA-2015:1009 https://access.redhat.com/security/cve/cve-2014-0245 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0245

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

5.9