Description
A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user and password. The highest threat to vulnerability is to system availability.
Remediation
References
Related Vulnerabilities
WordPress Plugin Photo Gallery, Images, Slider in Rbs Image Gallery Security Bypass (2.0.15)
Mailman Other Vulnerability (CVE-2006-3636)
WordPress Plugin Portfolio Gallery-Photo Gallery Cross-Site Scripting (2.2.2)
WordPress Plugin WordPress Automatic Security Bypass (3.53.2)
WordPress 4.4.x Possible SQL Injection Vulnerability (4.4 - 4.4.11)