Description

An Elevated Privileges issue exists in JBoss AS 7 Community Release due to the improper implementation in the security context propagation, A threat gets reused from the thread pool that still retains the security context from the process last used, which lets a local user obtain elevated privileges.

Remediation

References

CVE-2012-2312

Related Vulnerabilities

WordPress Plugin Shopping Cart & eCommerce Store Arbitrary File Upload (3.0.8)

Apache Tomcat Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-1336)

PostgreSQL Improper Control of Dynamically-Managed Code Resources Vulnerability (CVE-2022-2625)

PrestaShop Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-21398)

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-4802)

Severity

High

Classification

CVE-2012-2312 CWE-269

Tags

Missing Update Known Vulnerabilities