Description
The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a security domain is undefined, which allows remote authenticated users to bypass intended access restrictions by leveraging credentials on the default domain for a role that is also on the application domain.
Remediation
References
Related Vulnerabilities
Apache HTTP Server Other Vulnerability (CVE-2002-1156)
WordPress Plugin WP Job Manager Cross-Site Request Forgery (1.25.2)
WordPress Plugin OnePress Social Locker Multiple Unspecified Vulnerabilities (4.2.5)
Lighttpd Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-1270)
WordPress Plugin Advanced Woo Search Cross-Site Scripting (2.77)