CVE-2013-2133
5.5
Vector
AV:N/AC:L/Au:S/C:P/I:P/A:N
Exploitability: 8.0 / Impact: 4.9
Source: NVD
Description
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class.
Affected (17)
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Up to 6.1.0 |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Version 5 |
Related CWEs
References (12)
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: secalert@redhat.com
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Timeline
No history available yet.