CVE-2012-0874

EXPLOITED RANSOMWARE

JBoss EAP/EWP/BRMS/SOA <5.2.0-5.3.1 - RCE

Title source: llm

Description

The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow remote attackers to invoke MBean methods and execute arbitrary code via unspecified vectors. NOTE: this issue can only be exploited when the interceptor is not properly configured with a "second layer of authentication," or when used in conjunction with other vulnerabilities that bypass this second layer.

Exploits (1)

exploitdb WORKING POC

by rgod · textremotewindows

https://www.exploit-db.com/exploits/30211

View Code ZIP pw:eip

References (18)

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2013-0533.html

[Third Party Advisory] http://archives.neohapsis.com/archives/bugtraq/2013-12/0134.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2013-0191.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2013-0192.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2013-0193.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2013-0194.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2013-0195.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2013-0196.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2013-0197.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2013-0198.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2013-0221.html

[Vendor Advisory] http://secunia.com/advisories/51984

[Vendor Advisory] http://secunia.com/advisories/52054

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1028042

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=795645

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/81511

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/57552

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/30211

Scores

EPSS 0.5129

EPSS Percentile 97.8%

Exploitation Intel

VulnCheck KEV 2018-03-28

Ransomware Use Confirmed

Classification

CWE

CWE-287

Status draft

Affected Products (3)

redhat/jboss_enterprise_application_platform

redhat/jboss_enterprise_web_platform

redhat/jboss_enterprise_brms_platform < 5.3.0

Timeline

Published Feb 05, 2013

Tracked Since Feb 18, 2026