Description
The Access Control functionality (JMXOpsAccessControlFilter) in JMX Console in JBoss Application Server 4.0.2 and 4.0.2.ga_cp04 before 20070416 uses a member variable to store the roles of the current user, which allows remote authenticated administrators to trigger a race condition and gain privileges by logging in during a session by a more privileged administrator, as demonstrated by privilege escalation from Read Mode to Write Mode.
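The pattern described above, reduced to a stand-alone Java model and shown beside the thread-safe form. This is an added example, not JBoss source code: the class names, the `reader`/`writer` users, the role names and the `pause` hook (which forces the interleaving deterministically instead of relying on timing) are all assumptions.

```java
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class FilterRoleRace {
    // Constructed role table; user and role names are assumptions.
    static final Map<String, Set<String>> ROLES = Map.of(
        "reader", Set.of("read"),
        "writer", Set.of("read", "write"));

    interface OpsFilter { boolean allow(String user, String op, Runnable pause); }

    // Vulnerable pattern: a container uses one filter instance for all requests,
    // so a field holding "the current user's roles" is shared by every thread.
    static class SharedFieldFilter implements OpsFilter {
        private Set<String> roles;
        public boolean allow(String user, String op, Runnable pause) {
            roles = ROLES.get(user);
            pause.run();               // window between role lookup and check
            return roles.contains(op); // may now see another request's roles
        }
    }

    // Hardened pattern: roles are a local variable, confined to this request.
    static class LocalVariableFilter implements OpsFilter {
        public boolean allow(String user, String op, Runnable pause) {
            Set<String> roles = ROLES.get(user);
            pause.run();
            return roles.contains(op);
        }
    }

    // While the reader's request sits in the window, a writer's request passes
    // through the same filter instance on another thread.
    static boolean readerGetsWrite(OpsFilter f) {
        ExecutorService pool = Executors.newSingleThreadExecutor();
        try {
            return f.allow("reader", "write", () -> {
                try { pool.submit(() -> f.allow("writer", "read", () -> {})).get(); }
                catch (Exception e) { throw new IllegalStateException(e); }
            });
        } finally { pool.shutdown(); }
    }

    public static void main(String[] args) {
        System.out.println("shared field:   " + readerGetsWrite(new SharedFieldFilter()));
        System.out.println("local variable: " + readerGetsWrite(new LocalVariableFilter()));
    }
}
```

When reviewing servlet filters, any mutable instance field that holds per-request or per-user state (roles, principal, session data) is a candidate for this class of defect.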
Remediation
References