Description

Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2, when using a Java Security Manager (JSM), does not properly apply permissions defined by a policy file, which causes applications to be granted the java.security.AllPermission permission and allows remote attackers to bypass intended access restrictions.

Remediation

References

CVE-2014-0093

Related Vulnerabilities

Roundcube Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13965)

Apache HTTP Server Out-of-bounds Write Vulnerability (CVE-2021-39275)

PHP Other Vulnerability (CVE-2007-1376)

WebLogic CVE-2018-3252 Vulnerability (CVE-2018-3252)

PHP Other Vulnerability (CVE-2007-0911)

Severity

Medium

Classification

CVE-2014-0093 CWE-264

Tags

Missing Update Known Vulnerabilities