CVE-2014-0245

CWE-362 — Race Condition5 documents5 sources

Severity

5.9MEDIUM

EPSS

0.4%

top 38.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

RED HAT Jboss Portal Redhat Jboss Portal

Timeline

PublishedJan 2

Latest updateMay 17

Description

It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SOAP messages take long to execute, it was possible for an unauthenticated remote attacker to gain privileged information if WS-Security is enabled for the WSRP Consumer, and the endpoint in question is being used by a privileged user. This affects JBoss Portal 6.2.0.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶NVDredhat/jboss_portal6.2.0

▶CVEListV5red_hat/jboss_portal6.2.0

🔴Vulnerability Details

GHSA

GHSA-4xc9-63p3-pjqr: It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe↗2022-05-17

▶

CVEList

CVE-2014-0245: It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe↗2020-01-02

▶

📋Vendor Advisories

Red Hat

WSRP: Information disclosure via unsafe concurrency handling in interceptor↗2015-03-10

▶

💬Community

Bugzilla

CVE-2014-0245 GateIn WSRP: Information disclosure via unsafe concurrency handling in interceptor↗2014-05-26

▶