22 matches found

RedHat Linux
added 2025/07/14 3:55 p.m. · 5 views

org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution

A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted...

CVSS 6.2 · AI score 6.5 · EPSS 0.01938
Exploits 0 · References 4
RedHat Linux
added 2025/06/25 12:21 a.m. · 3 views

wildfly: unsafe deserialization in Wildfly Enterprise Java Beans

A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 7.5 · AI score 5.8 · EPSS 0.00373
Exploits 0 · References 4
RedHat Linux
added 2022/06/06 4:00 p.m. · 1 view

wildfly: Wildfly management of EJB Session context returns wrong caller principal with Elytron Security enabled

A flaw was found in Wildfly, where it returns an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have...

CVSS 5.3 · AI score 5.8 · EPSS 0.00272
Exploits 0 · References 4
CNNVD
added 2022/03/04 12:00 a.m. · 5 views

Red Hat JBoss EJB Client security vulnerability

Red Hat JBoss EJB Client is an application server client for the Red Hat community in the United States. It provides a container for managing EJBs. A security vulnerability exists in Red Hat JBoss EJB Client that stems from a post-release reuse in the jboss client, resulting in an application...

CVSS 7.5 · AI score 7.2 · EPSS 0.01306
Exploits 1 · References 10
RedHat Linux
added 2021/03/23 2:17 p.m. · 1 view

wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client

A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality...

CVSS 4.3 · AI score 5.8 · EPSS 0.00291
Exploits 0 · References 4
RedHat Linux
added 2021/03/16 1:37 p.m. · 2 views

wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client

A flaw was found in wildfly. The JBoss EJB client has publicly accessible privileged actions which may lead to information disclosure on the server it is deployed on. The highest threat from this vulnerability is to data confidentiality...

CVSS 4.3 · AI score 5.8 · EPSS 0.00291
Exploits 0 · References 4
RedHat Linux
added 2020/09/07 12:57 p.m. · 2 views

wildfly: unsafe deserialization in Wildfly Enterprise Java Beans

A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 7.5 · AI score 5.8 · EPSS 0.00373
Exploits 0 · References 4
RedHat Linux
added 2020/09/02 9:47 a.m. · 0 views

wildfly: unsafe deserialization in Wildfly Enterprise Java Beans

A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 7.5 · AI score 5.8 · EPSS 0.00373
Exploits 0 · References 4
RedHat Linux
added 2020/08/31 3:40 p.m. · 0 views

Wildfly: EJBContext principal is not popped back after invoking another EJB using a different Security Domain

A flaw was found in wildfly. The EJBContext principal is not popped back after invoking another EJB using a different Security Domain. The highest threat from this vulnerability is to data confidentiality and integrity...

CVSS 5.5 · AI score 5.7 · EPSS 0.00122
Exploits 0 · References 4
RedHat Linux
added 2020/08/17 1:28 p.m. · 1 view

wildfly: Some EJB transaction objects may get accumulated causing Denial of Service

A flaw was found in Wildfly's EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system...

CVSS 6.5 · AI score 5.7 · EPSS 0.00253
Exploits 0 · References 4
RedHat Linux
added 2020/08/17 1:28 p.m. · 1 view

wildfly: unsafe deserialization in Wildfly Enterprise Java Beans

A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 7.5 · AI score 5.8 · EPSS 0.00373
Exploits 0 · References 4
RedHat Linux
added 2020/07/23 8:37 p.m. · 2 views

wildfly: unsafe deserialization in Wildfly Enterprise Java Beans

A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 7.5 · AI score 5.8 · EPSS 0.00373
Exploits 0 · References 4
RedHat Linux
added 2020/07/23 8:37 p.m. · 1 view

wildfly: Some EJB transaction objects may get accumulated causing Denial of Service

A flaw was found in Wildfly's EJB Client, where the accumulation of specific EJB transaction objects over time can cause services to slow down and eventually become unavailable. This flaw allows an attacker to cause a denial of service. The highest threat from this vulnerability is to system...

CVSS 6.5 · AI score 5.7 · EPSS 0.00253
Exploits 0 · References 4
RedHat Linux
added 2020/07/23 8:20 p.m. · 0 views

wildfly: unsafe deserialization in Wildfly Enterprise Java Beans

A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 7.5 · AI score 5.8 · EPSS 0.00373
Exploits 0 · References 4
RedHat Linux
added 2020/07/23 8:20 p.m. · 0 views

wildfly: unsafe deserialization in Wildfly Enterprise Java Beans

A flaw was found in Wildfly. A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in wildfly. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

CVSS 7.5 · AI score 5.8 · EPSS 0.00373
Exploits 0 · References 4
Positive Technologies
added 2020/06/22 12:00 a.m. · 2 views

PT-2020-12305 · Red Hat · Wildfly

Name of the Vulnerable Software and Affected Versions: Wildfly versions prior to 20.0.0.Final
Description: A remote deserialization attack is possible in the Enterprise Application Beans (EJB) due to lack of validation/filtering capabilities in Wildfly. This issue allows for a potential attack...

CVSS 7.5 · AI score 6.8 · EPSS 0.00373
Exploits 0 · References 9
RedHat Linux
added 2015/05/14 3:14 p.m. · 3 views

WS: EJB3 role restrictions are not applied to jaxws handlers

A flaw was found in the way method-level authorization for JAX-WS Service endpoints was performed by the EJB invocation handler implementation. Any restrictions declared on EJB methods were ignored when executing the JAX-WS handlers, and only class-level restrictions were applied. A remote attack...

CVSS 5.5 · AI score 5.8 · EPSS 0.00326
Exploits 0 · References 4
RedHat Linux
added 2015/04/16 4:02 p.m. · 2 views

WS: EJB3 role restrictions are not applied to jaxws handlers

A flaw was found in the way method-level authorization for JAX-WS Service endpoints was performed by the EJB invocation handler implementation. Any restrictions declared on EJB methods were ignored when executing the JAX-WS handlers, and only class-level restrictions were applied. A remote attack...

CVSS 5.5 · AI score 5.8 · EPSS 0.00326
Exploits 0 · References 4
RedHat Linux
added 2013/12/04 5:16 p.m. · 0 views

WS: EJB3 role restrictions are not applied to jaxws handlers

A flaw was found in the way method-level authorization for JAX-WS Service endpoints was performed by the EJB invocation handler implementation. Any restrictions declared on EJB methods were ignored when executing the JAX-WS handlers, and only class-level restrictions were applied. A remote attack...

CVSS 5.5 · AI score 5.8 · EPSS 0.00326
Exploits 0 · References 4
Positive Technologies
added 2013/01/05 12:00 a.m. · 1 view

PT-2013-1685

Name of the Vulnerable Software and Affected Versions: JBoss Enterprise Application Platform versions prior to 6.0.1
Description: The issue allows attackers to bypass intended access restrictions for EJB methods due to the processInvocation function in...

CVSS 6.5 · AI score 5.8 · EPSS 0.00131
Exploits 1 · References 10