CVE-2014-0018 - Vulnerability Details

- jboss-as-server: Unchecked access to MSC Service Registry under JSM

Description

Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.0 and JBoss WildFly Application Server, when run under a security manager, do not properly restrict access to the Modular Service Container (MSC) service registry, which allows local users to modify the server via a crafted deployment.

Published: 2014-02-14

Score: 1.9 Low

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

n/a

affected

Version	Status	Constraints
`n/a`	affected	—

Configuration 1 [-]

OR	cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.2.0:::::::*
	cpe:2.3:a:redhat:jboss_wildfly_application_server:-:::::::*

Package	CPE	Advisory	Released Date
Red Hat JBoss BPMS 6.0
jboss-as-server	cpe:/a:redhat:jboss_bpms:6.0	RHSA-2014:1291	2014-09-23T00:00:00Z
Red Hat JBoss BRMS 6.0
jboss-as-server	cpe:/a:redhat:jboss_brms:6.0	RHSA-2014:1290	2014-09-23T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.2
	cpe:/a:redhat:jboss_enterprise_application_platform:6.2.1	RHSA-2014:0172	2014-02-13T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 5
jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6.2 for RHEL 6
jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6 for RHEL 5
hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
netty-0:3.6.7-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
xml-security-0:1.5.6-1.redhat_1.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
xmltooling-0:1.3.4-5.redhat_3.1.ep6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:6::el5	RHSA-2014:0170	2014-02-13T00:00:00Z
Red Hat JBoss Enterprise Application Platform 6 for RHEL 6
hornetq-0:2.3.14-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jacorb-jboss-0:2.3.2-13.redhat_6.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-appclient-0:7.3.1-3.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-cli-0:7.3.1-4.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-client-all-0:7.3.1-4.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-clustering-0:7.3.1-3.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-cmp-0:7.3.1-2.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-configadmin-0:7.3.1-2.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-connector-0:7.3.1-4.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-controller-client-0:7.3.1-2.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jbossas-core-0:7.3.1-5.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-core-security-0:7.3.1-2.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-deployment-repository-0:7.3.1-2.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-deployment-scanner-0:7.3.1-2.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-domain-http-0:7.3.1-3.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-domain-management-0:7.3.1-3.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-ee-0:7.3.1-3.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-ee-deployment-0:7.3.1-2.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-ejb3-0:7.3.1-3.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-embedded-0:7.3.1-2.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-host-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-jacorb-0:7.3.1-3.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jbossas-javadocs-0:7.3.1-3.Final_redhat_3.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-jaxr-0:7.3.1-2.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-jaxrs-0:7.3.1-2.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-jdr-0:7.3.1-2.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-jmx-0:7.3.1-3.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-jpa-0:7.3.1-3.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-jsf-0:7.3.1-2.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-jsr77-0:7.3.1-2.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-logging-0:7.3.1-3.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-mail-0:7.3.1-2.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-management-client-content-0:7.3.1-2.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-messaging-0:7.3.1-3.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-modcluster-0:7.3.1-2.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jbossas-modules-eap-0:7.3.1-6.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-naming-0:7.3.1-3.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-network-0:7.3.1-2.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-osgi-0:7.3.1-4.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-osgi-configadmin-0:7.3.1-4.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-osgi-service-0:7.3.1-2.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-platform-mbean-0:7.3.1-2.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-pojo-0:7.3.1-2.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-process-controller-0:7.3.1-3.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-protocol-0:7.3.1-2.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-remoting-0:7.3.1-3.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-sar-0:7.3.1-2.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-security-0:7.3.1-3.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-server-0:7.3.1-3.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-system-jmx-0:7.3.1-2.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-threads-0:7.3.1-2.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-transactions-0:7.3.1-2.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-version-0:7.3.1-4.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-web-0:7.3.1-3.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-webservices-0:7.3.1-3.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-weld-0:7.3.1-4.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-as-xts-0:7.3.1-2.Final_redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-logmanager-0:1.5.2-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-marshalling-0:1.4.3-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jbossweb-0:7.3.0-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
jboss-xnio-base-0:3.0.9-1.GA_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
netty-0:3.6.7-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
picketbox-0:4.0.19-2.SP3_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
weld-core-0:1.1.17-1.Final_redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
xml-security-0:1.5.6-1.redhat_1.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
xmltooling-0:1.3.4-5.redhat_3.1.ep6.el6	cpe:/a:redhat:jboss_enterprise_application_platform:6::el6	RHSA-2014:0171	2014-02-13T00:00:00Z
Red Hat JBoss Fuse Service Works 6.0
jboss-as-server	cpe:/a:redhat:jboss_fuse_service_works:6.0	RHSA-2014:1995	2014-12-15T00:00:00Z
Red Hat JBoss Portal 6.2
jboss-as-server	cpe:/a:redhat:jboss_enterprise_portal_platform:6.2	RHSA-2015:1009	2015-05-14T00:00:00Z

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2014-0119	Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.0 and JBoss WildFly Application Server, when run under a security manager, do not properly restrict access to the Modular Service Container (MSC) service registry, which allows local users to modify the server via a crafted deployment.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

The EPSS score is 0.00062.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://rhn.redhat.com/errata/RHSA-2014-0170.html
http://rhn.redhat.com/errata/RHSA-2014-0171.html
http://rhn.redhat.com/errata/RHSA-2014-0172.html
http://www.securityfocus.com/bid/65591
https://bugzilla.redhat.com/show_bug.cgi?id=1052783
https://nvd.nist.gov/vuln/detail/CVE-2014-0018
https://www.cve.org/CVERecord?id=CVE-2014-0018

History

No history.

Subscriptions

Redhat Jboss Bpms Jboss Brms Jboss Enterprise Application Platform Jboss Enterprise Portal Platform Jboss Fuse Service Works Jboss Wildfly Application Server

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-02-14T15:00:00.000Z

Updated: 2024-08-06T08:58:26.525Z

Reserved: 2013-12-03T00:00:00.000Z

Link: CVE-2014-0018

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-02-14T15:55:05.343

Modified: 2026-04-29T01:13:23.040

Link: CVE-2014-0018

Redhat

Severity : Low

Publid Date: 2014-01-11T00:00:00Z

Links: CVE-2014-0018 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-264

Tracking

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object