CVE-2014-0245

EPSS 1.0%

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 1.0%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

02 Jan 2020Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SOAP messages take long to execute, it was possible for an unauthenticated remote attacker to gain privileged information if WS-Security is enabled for the WSRP Consumer, and the endpoint in question is being used by a privileged user. This affects JBoss Portal 6.2.0.

Affected products

Red Hat · JBoss Portal

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://access.redhat.com/errata/RHSA-2015:1009 https://access.redhat.com/security/cve/cve-2014-0245 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0245