CVE-2014-3464
CVE-2014-3464 affects Red Hat JBossWS used in JBoss EAP 6.2.0 and 6.3.0. The EJB invocation handler fails to enforce method-level restrictions for outbound messages, allowing remote authenticated users to access restricted JAX-WS handlers via permissions to the EJB class. This stems from an incom...