Lucene search
K

6 matches found

Prion
Prion
added 2014/08/19 6:55 p.m.22 views

Input validation

The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform EAP 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbound messages, which allows remote authenticated users to access otherwise restricted JAX-WS handlers...

5.5CVSS6.4AI score0.01809EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2014/08/19 6:0 p.m.40 views

CVE-2014-3464

The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform EAP 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbound messages, which allows remote authenticated users to access otherwise restricted JAX-WS handlers...

6.2AI score0.01087EPSS
Exploits0References5
CVE
CVE
added 2014/08/19 6:0 p.m.63 views

CVE-2014-3464

CVE-2014-3464 affects Red Hat JBossWS used in JBoss EAP 6.2.0 and 6.3.0. The EJB invocation handler fails to enforce method-level restrictions for outbound messages, allowing remote authenticated users to access restricted JAX-WS handlers via permissions to the EJB class. This stems from an incom...

5.5CVSS8.9AI score0.01087EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2014/08/06 3:3 p.m.6 views

WS: Incomplete fix for CVE-2013-2133

It was found that the fix for CVE-2013-2133 was incomplete: the JAX-WS handlers were being executed for outbound messages even when authorization had failed. A remote attacker who is authorized to access the EJB class, could invoke a JAX-WS handler which they were not authorized to invoke...

5.5CVSS5.8AI score0.01809EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/12/04 6:0 p.m.8 views

WS: EJB3 role restrictions are not applied to jaxws handlers

A flaw was found in the way method-level authorization for JAX-WS Service endpoints was performed by the EJB invocation handler implementation. Any restrictions declared on EJB methods were ignored when executing the JAX-WS handlers, and only class-level restrictions were applied. A remote attack...

5.5CVSS5.8AI score0.01809EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2013/12/04 5:16 p.m.2 views

WS: EJB3 role restrictions are not applied to jaxws handlers

A flaw was found in the way method-level authorization for JAX-WS Service endpoints was performed by the EJB invocation handler implementation. Any restrictions declared on EJB methods were ignored when executing the JAX-WS handlers, and only class-level restrictions were applied. A remote attack...

5.5CVSS5.8AI score0.01809EPSS
Exploits0References4
Rows per page
Query Builder