wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service

A vulnerability was found in Wildfly's Enterprise Java Beans EJB, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the...

wildfly: EJB SessionOpenInvocations may not be removed properly after a response is received causing Denial of Service

A vulnerability was found in Wildfly's Enterprise Java Beans EJB, where SessionOpenInvocations are never removed from the remote InvocationTracker after a response is received in the EJB Client, as well as the server. This flaw allows an attacker to craft a denial of service attack to make the...

wildfly: Some EJB transaction objects may get accumulated causing Denial of Service

A flaw was found in Wildfly's EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system...

Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain

A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity...

Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain

A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity...

Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain

A flaw was found in wildfly. The EJBContext principle is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity...

Arbitrary EJB QL Command Execution

jbossas is vulnerable to arbitrary EJB QL command execution. The vulnerability exists as the setOrder method in the org.jboss.seam.framework.Query class did not correctly validate user-supplied parameters. This vulnerability allowed remote attackers to inject, and execute, arbitrary Enterprise...

The vulnerability of the EJB Container component of Oracle WebLogic Server allows a perpetrator to gain unauthorized access to protected data.

The vulnerability of the EJB Container component of Oracle WebLogic Server is related to access control deficiencies. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected data using the T3 protocol...

CVE-2012-4549

A flaw was found in JBoss Enterprise Application Platform. The processInvocation function within the org.jboss.as.ejb3.security.AuthorizationInterceptor component incorrectly authorizes all requests when no roles are defined for an Enterprise Java Beans EJB method invocation. This allows attacker...

JBoss Enterprise Application Platform: org.jboss.as.ejb3: JBoss Enterprise Application Platform: Access restriction bypass via improper EJB method authorization

A flaw was found in JBoss Enterprise Application Platform. The processInvocation function within the org.jboss.as.ejb3.security.AuthorizationInterceptor component incorrectly authorizes all requests when no roles are defined for an Enterprise Java Beans EJB method invocation. This allows attacker...

CVE-2009-0506

Unspecified vulnerability in IBM WebSphere Application Server WAS 5.1 and 6.0.2 before 6.0.2.33 on z/OS, when CSIv2 Identity Assertion is enabled and Enterprise JavaBeans EJB interaction occurs between a WAS 6.1 instance and a WAS pre-6.1 instance, allows local users to have an unknown impact via...

JBossEAP allows download of non-EJB class files

The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform aka JBossEAP or EAP, possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote attackers to obtain...

EJBQL injection via 'order' parameter

The getRenderedEjbql method in the org.jboss.seam.framework.Query class in JBoss Seam 2.x before 2.0.0.CR3 allows remote attackers to inject and execute arbitrary EJBQL commands via the order parameter...

BEA WebLogic Server allows unauthorized removal of EJB objects

Overview There is a vulnerability in the BEA WebLogic Server that could allow the unauthorized removal of an Enterprise JavaBean EJB. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing, integrating, securing, and managing...