Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0018)

Description

Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.0 and JBoss WildFly Application Server, when run under a security manager, do not properly restrict access to the Modular Service Container (MSC) service registry, which allows local users to modify the server via a crafted deployment.

Remediation

References

Related Vulnerabilities

WordPress Plugin WP VR-360 Panorama and Virtual Tour Builder For WordPress Cross-Site Scripting (8.2.6)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall SQL Injection (3.8.7)

WebLogic Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2021-2351)

WordPress Plugin WP Mega Menu Unspecified Vulnerability (1.4.1)

WordPress Plugin WordPress Simple Shopping Cart Cross-Site Request Forgery (3.5)

Severity

Low

Classification

CVE-2014-0018 CWE-264

Tags

Missing Update Known Vulnerabilities