CVE-2005-4709
The CVE concerns JBoss EJB 3.0 RC3. The popSubjectContext method in SecurityAssociation preserves threadPrincipal and threadCredential from a prior client after the session ends, enabling a remote attacker to assume the roles of that previous client on the same server thread. This is described as...