10 matches found
EUVD-2014-3476
Malware in sbrugna...
CVE-2014-3464
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform EAP 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbound messages, which allows remote authenticated users to access otherwise restricted JAX-WS handlers...
CVE-2014-3464
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform EAP 6.2.0 and 6.3.0, does not properly enforce the method level restrictions for outbound messages, which allows remote authenticated users to access otherwise restricted JAX-WS handlers...
RHEL 5 : JBoss EAP (RHSA-2013:1784)
An update for Red Hat JBoss Enterprise Application Platform 6.2.0, which fixes two security issues, several bugs, and adds various enhancements, is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having low security impact. Common...
CVE-2013-2133
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform EAP before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS...
Input validation
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform EAP before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS...
CVE-2013-2133
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform EAP before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS...
CVE-2013-4213
Red Hat JBoss Enterprise Application Platform EAP 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client...
CVE-2013-4128
Red Hat JBoss Enterprise Application Platform EAP 6.1.0 does not properly cache EJB invocations by remote-naming, which allows remote attackers to hijack sessions by using a remoting client...
ejb-client: Session fixation due improper connection caching
Red Hat JBoss Enterprise Application Platform EAP 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client...