Lucene search
HistoryAug 16, 2013 - 4:55 p.m.
CVE-2013-4128
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
6.5 Medium
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
80.4%
Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by remote-naming, which allows remote attackers to hijack sessions by using a remoting client.
Affected configurations
Node
redhatjboss_enterprise_application_platformMatch6.1.0
References
Related
veracode
veracode
Session Hijacking
2019-01-15 08:57:33
Weak Authentication
2019-05-02 04:48:27
ubuntucve
ubuntucve
CVE-2013-4128
2013-08-16 00:00:00
cvelist
cvelist
CVE-2013-4128
2013-08-16 16:00:00
cve
cve
CVE-2013-4128
2013-08-16 16:55:03
prion
prion
Design/Logic Flaw
2013-08-16 16:55:00
redhat
redhat
nessus
nessus
RHEL 5 / 6 : JBoss EAP (RHSA-2013:1151)
2013-08-13 00:00:00
Red Hat JBoss Enterprise Application Platform 6.1.0 Security Update (RHSA-2013:1152)
2014-02-03 00:00:00
JBoss Portal 6.1.0 Update (RHSA-2013:1437)
2014-01-31 00:00:00
6.4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
6.5 Medium
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
80.4%
Related for NVD:CVE-2013-4128