CVE-2013-4128

Published: Aug 16, 2013Modified: Apr 29, 2026

6.4

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability: 10.0 / Impact: 4.9

Source: NVD

Description

Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by remote-naming, which allows remote attackers to hijack sessions by using a remoting client.

Affected (1)

Products: Redhat: Jboss Enterprise Application Platform

Redhat

1 product

Jboss Enterprise Application Platform

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Jboss Enterprise Application Platform	Version 6.1.0

Related CWEs

CWE-16

References (16)

http://osvdb.org/96217

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2013-1151.html

Source: secalert@redhat.com

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2013-1152.html

Source: secalert@redhat.com

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2013-1437.html

Source: secalert@redhat.com

http://secunia.com/advisories/54508

Source: secalert@redhat.com

Vendor Advisory

http://www.securitytracker.com/id/1028898

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=984795

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/86386

Source: secalert@redhat.com

http://osvdb.org/96217