9 matches found
Weak Authentication
Red Hat JBoss Enterprise Application Platform 6 is a platform for Java applications based on JBoss Application Server 7. A flaw was discovered in the way authenticated connections were cached on the server by remote-naming. After a user has successfully logged in, a remote attacker could use a...
JBoss Portal 6.1.0 Update (RHSA-2013:1437)
The version of JBoss Enterprise Portal Platform on the remote system is affected by the following issues: - A flaw in the CSRF prevention filter in JBoss Web could allow remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism via a request that lacks a session identifier...
remote-naming: Session fixation due improper connection caching
Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by remote-naming, which allows remote attackers to hijack sessions by using a remoting client...
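JBoss Enterprise Application Platform Remote-Naming Connection Handling Authentication Bypass Vulnerability
CVE ID: CVE-2013-4218. JBOSS is an open-source application server based on J2EE. A vulnerability exists in the way remote-naming caches authenticated connections on the server: after a user has successfully logged in, a remote attacker can use a remoting client requiring a password to log in as that user, allowing arbitrary operations or data access in that user's context. JBoss Enterprise Application Platform 6.1.0. Vendor solution: users can refer to the following vendor security advisory for patch information: http://rhn.redhat.com/errata/RHSA-2013-1151.html...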
CVE-2013-4128
Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by remote-naming, which allows remote attackers to hijack sessions by using a remoting client...
RHEL 5 / 6 : JBoss EAP (RHSA-2013:1151)
Updated Red Hat JBoss Enterprise Application Platform 6.1.0 packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base...
remote-naming: Session fixation due improper connection caching
Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by remote-naming, which allows remote attackers to hijack sessions by using a remoting client...
Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.1.0 security update
An update for Red Hat JBoss Enterprise Application Platform 6.1.0 that fixes two security issues is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores,...
remote-naming: Session fixation due improper connection caching
Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by remote-naming, which allows remote attackers to hijack sessions by using a remoting client...