oss-sec mailing list archives
CVE assignment notification -- CVE-2010-2474 -- JBossESB
From: Marc Schoenefeld <mschoene () redhat com>
Date: Fri, 23 Jul 2010 13:41:40 +0200
Hello Steve,

JBossESB: privilege escalation in cross-domain contexts

The security context from an authentication request should check the domain and invalidate the information if the service is secured with a different security domain. At present the execution of a service with a different domain could result in the pipeline being executed with differing credentials, one set from the first domain if the request is still valid, a second set from the second domain if it has expired.

References:
----------
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2474
http://fisheye.jboss.org/changelog/JBossESB/?cs=33454

The CVE identifier CVE-2010-2474 has already been assigned to these issues.

Thanks && Regards,
Marc

--
Marc Schoenefeld / Red Hat Security Response Team
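The check the message calls for, as an added illustration that is not part of the original post and is not JBossESB code: a simplified Java model in which a cached security context is reused only when it is unexpired and was issued for the security domain the service is secured with. All class, method, domain and principal names are hypothetical, and the login data is constructed.

```java
import java.time.Instant;
import java.util.Map;

// Simplified model of the flaw and its fix. Not JBossESB code; all names are hypothetical.
public class DomainBoundContext {

    // Result of an earlier authentication, cached and carried along with the request.
    record SecurityContext(String domain, String principal, Instant expires) {
        boolean isValid(Instant now) { return now.isBefore(expires); }
    }

    // Stand-in for a domain's login: 'logins' maps each security domain to the
    // principal that domain would authenticate the caller as (constructed data).
    static SecurityContext authenticate(String domain, Map<String, String> logins, Instant now) {
        String principal = logins.get(domain);
        if (principal == null) throw new SecurityException("login failed for " + domain);
        return new SecurityContext(domain, principal, now.plusSeconds(300));
    }

    // Behaviour described in the message: an unexpired context is reused whatever
    // domain issued it, so the pipeline's identity depends on whether it has expired.
    static SecurityContext resolveUnchecked(SecurityContext cached, String serviceDomain,
                                            Map<String, String> logins, Instant now) {
        if (cached != null && cached.isValid(now)) return cached;
        return authenticate(serviceDomain, logins, now);
    }

    // Requested behaviour: a context from another domain is treated as invalid and
    // the caller is authenticated again against the service's own domain.
    static SecurityContext resolveChecked(SecurityContext cached, String serviceDomain,
                                          Map<String, String> logins, Instant now) {
        boolean reusable = cached != null && cached.isValid(now)
                && cached.domain().equals(serviceDomain);
        return reusable ? cached : authenticate(serviceDomain, logins, now);
    }

    public static void main(String[] args) {
        Instant t0 = Instant.parse("2010-07-23T12:00:00Z");
        Map<String, String> logins = Map.of("domainA", "admin@domainA", "domainB", "guest@domainB");
        SecurityContext cached = authenticate("domainA", logins, t0);
        // The same request reaches a service secured with domainB, early and late.
        for (Instant now : new Instant[] { t0.plusSeconds(60), t0.plusSeconds(600) }) {
            System.out.println("unchecked: " + resolveUnchecked(cached, "domainB", logins, now).principal()
                    + "  checked: " + resolveChecked(cached, "domainB", logins, now).principal());
        }
    }
}
```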