950 matches found
CVE-2013-2133
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS...
Input validation
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS...
OpenJDK: RMI CGIHandler XSS issue (RMI, 6563318)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.240 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via vectors related to RMI. NOTE: the previous information...
OpenJDK: remote code loading enabled by default (RMI, 8001040)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI...
OpenJDK: LogStream.setDefaultStream() missing security restrictions (RMI, 8001329)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI...
OpenJDK: RMIConnectionImpl information disclosure (JMX, 7169888)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, related to JMX...
OpenJDK: RMI registry privileged code execution (RMI, 7083012)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.233 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to...
OpenJDK: RMI DGC server remote code execution (RMI, 7077466)
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.233 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to...
OpenJDK: RMIConnection stub missing permission check (CORBA, 8011157)
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to CORBA...
ejb-client: Session fixation due to improper connection caching
Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client...
CVE-2013-3693
The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to upload and execute arbitrary packages via a request to port 1098...
Design/Logic Flaw
The BlackBerry Universal Device Service in BlackBerry Enterprise Service (BES) 10.0 through 10.1.2 does not properly restrict access to the JBoss Remote Method Invocation (RMI) interface, which allows remote attackers to upload and execute arbitrary packages via a request to port 1098...
CVE-2013-3693
The CVE-2013-3693 issue affects BlackBerry Enterprise Service (BES) 10.0–10.1.2, where the Universal Device Service (UDS) fails to restrict access to the JBoss RMI interface on port 1098, allowing a remote attacker in an adjacent network to upload and execute arbitrary packages. Remediation: upda...
CVE-2013-4316
Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors...
Default configuration
Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation by default, which has unknown impact and attack vectors...