64 matches found

Prion
added 2013/01/05 12:55 a.m., 19 views

Input validation

The processInvocation function in org.jboss.as.ejb3.security.AuthorizationInterceptor in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1 authorizes all requests when no roles are allowed for an Enterprise Java Beans (EJB) method invocation, which allows attackers to bypas...

5.8 CVSS, 6.9 AI score, 0.00131 EPSS
Exploits: 1, References: 4, Affected Software: 1
RedHat Linux
added 2012/12/18 10:43 p.m., 2 views

JBoss Enterprise Application Platform: org.jboss.as.ejb3: JBoss Enterprise Application Platform: Access restriction bypass via improper EJB method authorization

A flaw was found in JBoss Enterprise Application Platform. The processInvocation function within the org.jboss.as.ejb3.security.AuthorizationInterceptor component incorrectly authorizes all requests when no roles are defined for an Enterprise Java Beans (EJB) method invocation. This allows attacker...

5.8 CVSS, 5.7 AI score, 0.00131 EPSS
Exploits: 1, References: 7
RedHat Linux
added 2012/12/18 10:17 p.m., 2 views

JBoss Enterprise Application Platform: org.jboss.as.ejb3: JBoss Enterprise Application Platform: Access restriction bypass via improper EJB method authorization

A flaw was found in JBoss Enterprise Application Platform. The processInvocation function within the org.jboss.as.ejb3.security.AuthorizationInterceptor component incorrectly authorizes all requests when no roles are defined for an Enterprise Java Beans (EJB) method invocation. This allows attacker...

5.8 CVSS, 5.7 AI score, 0.00131 EPSS
Exploits: 1, References: 7
Packet Storm
added 2012/03/11 12:0 a.m., 23 views

EJBCA 4.0.7 Cross Site Scripting / User Enumeration

Hello list! I want to warn you about multiple security vulnerabilities in Enterprise Java Beans Certificate Authority (EJBCA). These are Cross-Site Scripting, Brute Force and Abuse of Functionality vulnerabilities. EJBCA is a PKI server. Citation from official web site: A Certification Authority...

0.2 AI score
Exploits: 0