Date: Fri, 23 Jul 2010 13:41:40 +0200
From: Marc Schoenefeld <mschoene@...hat.com>
To: oss-security <oss-security@...ts.openwall.com>
Subject: CVE assignment notification -- CVE-2010-2474 -- JBossESB

Hello Steve,

JBossESB: privilege escalation in cross-domain contexts

The security context from an authentication request should check the
domain and invalidate the information if the service is secured with a
different security domain. At present the execution of a service with a
different domain could result in the pipeline being executed with
differing credentials, one set from the first domain if the request is
still valid, a second set from the second domain if it has expired.

References:
----------
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-2474
http://fisheye.jboss.org/changelog/JBossESB/?cs=33454

CVE identifier of CVE-2010-2474 has already been assigned to these issues.

Thanks && Regards,
Marc

--
Marc Schoenefeld / Red Hat Security Response Team
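
The cross-domain check described in the message above, as an added example that is not part of the original post and is not JBossESB code. It is a hypothetical Java 16+ model (all class, method, user and domain names are assumptions, and the timestamps are constructed) that contrasts a context-reuse check looking only at expiry with one that also compares the security domain.

```java
import java.time.Instant;
import java.util.Set;
// Hypothetical model of a cached security context; these are not JBossESB classes.
public class DomainBoundContextDemo {

    /** Result of an earlier authentication, carried along with the request. */
    record SecurityContext(String domain, String principal, Instant expires) {
        /** Valid only if unexpired AND issued by the domain securing this service. */
        boolean validFor(String serviceDomain, Instant now) {
            return now.isBefore(expires) && domain.equals(serviceDomain);
        }
    }

    /** Constructed stand-in for a per-domain login module. */
    static SecurityContext authenticate(String domain, String user, Instant now) {
        Set<String> known = Set.of("domainA:alice", "domainB:alice");
        if (!known.contains(domain + ":" + user)) {
            throw new SecurityException(user + " is not known in " + domain);
        }
        return new SecurityContext(domain, user + "@" + domain, now.plusSeconds(300));
    }

    /** Vulnerable check: any unexpired context is reused, whatever domain issued it. */
    static SecurityContext resolveVulnerable(SecurityContext cached, String serviceDomain,
                                             String user, Instant now) {
        if (cached != null && now.isBefore(cached.expires())) {
            return cached;
        }
        return authenticate(serviceDomain, user, now);
    }

    /** Hardened check: a context from another domain is discarded and re-authenticated. */
    static SecurityContext resolveHardened(SecurityContext cached, String serviceDomain,
                                           String user, Instant now) {
        if (cached != null && cached.validFor(serviceDomain, now)) {
            return cached;
        }
        return authenticate(serviceDomain, user, now);
    }

    public static void main(String[] args) {
        Instant t0 = Instant.parse("2010-07-23T11:00:00Z"); // constructed timestamp
        SecurityContext ctx = authenticate("domainA", "alice", t0);
        Instant fresh = t0.plusSeconds(60), stale = t0.plusSeconds(600);
        System.out.println("vulnerable, fresh: " + resolveVulnerable(ctx, "domainB", "alice", fresh).principal());
        System.out.println("vulnerable, stale: " + resolveVulnerable(ctx, "domainB", "alice", stale).principal());
        System.out.println("hardened,   fresh: " + resolveHardened(ctx, "domainB", "alice", fresh).principal());
        System.out.println("hardened,   stale: " + resolveHardened(ctx, "domainB", "alice", stale).principal());
    }
}
```

With the vulnerable check, the principal used for the domainB service depends on whether the domainA context has expired; the hardened check yields the domainB principal in both cases.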