OSVDB ID: 80557

Title: JBoss Operations Network Security Token Validation Failure Session Hijacking

Info

Disclosure

Mar 20, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

JBoss Operations Network does not properly verify security tokens. This may allow an attacker to hijack another user's session.

Classification

Location: Remote / Network Access
Attack Type: Authentication Management
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Unknown
Disclosure: Third-party Verified
OSVDB: Web Related

Solution

Upgrade to version 3.0.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Red Hat, Inc.

JBoss Operations Network

3.0.0

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/80557