Unrated severityNVD Advisory· Published Feb 5, 2013· Updated Jun 16, 2026
CVE-2012-0874
CVE-2012-0874
Description
The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow remote attackers to invoke MBean methods and execute arbitrary code via unspecified vectors. NOTE: this issue can only be exploited when the interceptor is not properly configured with a "second layer of authentication," or when used in conjunction with other vulnerabilities that bypass this second layer.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*
- (no CPE)range: <5.2.0
- cpe:2.3:a:redhat:jboss_enterprise_brms_platform:*:*:*:*:*:*:*:*Range: <=5.3.0
- cpe:2.3:a:redhat:jboss_enterprise_web_platform:5.2.0:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
18- rhn.redhat.com/errata/RHSA-2013-0191.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2013-0192.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2013-0193.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2013-0194.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2013-0195.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2013-0196.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2013-0197.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2013-0198.htmlnvdVendor Advisory
- rhn.redhat.com/errata/RHSA-2013-0221.htmlnvdVendor Advisory
- secunia.com/advisories/51984nvdVendor Advisory
- secunia.com/advisories/52054nvdVendor Advisory
- archives.neohapsis.com/archives/bugtraq/2013-12/0134.htmlnvd
- rhn.redhat.com/errata/RHSA-2013-0533.htmlnvd
- securitytracker.com/idnvd
- www.exploit-db.com/exploits/30211nvd
- www.securityfocus.com/bid/57552nvd
- bugzilla.redhat.com/show_bug.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/81511nvd
News mentions
0No linked articles in our index yet.