Vigil@nce: JBoss, privilege elevation via ESB
July 2010 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
In some cases, data of a service using the ESB component can be
processed with incorrect privileges.
– Severity: 2/4
– Creation date: 23/07/2010
DESCRIPTION OF THE VULNERABILITY
The JBoss ESB component provides the communication interface for
distributed services.
In the normal case, a service runs with the credentials of its domain.
However, in some cases, data of a service using the ESB component
can be processed with incorrect privileges.
A service can therefore be run with elevated privileges, which can
create a vulnerability, depending on the service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/JBoss-privilege-elevation-via-ESB-9786