Unrated severityNVD Advisory· Published Feb 5, 2013· Updated Apr 29, 2026
CVE-2012-0874
CVE-2012-0874
Description
The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow remote attackers to invoke MBean methods and execute arbitrary code via unspecified vectors. NOTE: this issue can only be exploited when the interceptor is not properly configured with a "second layer of authentication," or when used in conjunction with other vulnerabilities that bypass this second layer.
Affected products
3- cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_brms_platform:*:*:*:*:*:*:*:*Range: <=5.3.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
18- rhn.redhat.com/errata/RHSA-2013-0191.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2013-0192.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2013-0193.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2013-0194.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2013-0195.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2013-0196.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2013-0197.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2013-0198.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2013-0221.htmlnvdVendor Advisory
- secunia.com/advisories/51984nvdVendor Advisory
- secunia.com/advisories/52054nvdVendor Advisory
- archives.neohapsis.com/archives/bugtraq/2013-12/0134.htmlnvd
- rhn.redhat.com/errata/RHSA-2013-0533.htmlnvd
- securitytracker.com/idnvd
- www.exploit-db.com/exploits/30211nvd
- www.securityfocus.com/bid/57552nvd
- bugzilla.redhat.com/show_bug.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/81511nvd
News mentions
0No linked articles in our index yet.