Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly
cache EJB invocations by remote-naming, which allows remote attackers to
hijack sessions by using a remoting client.
Author | Note |
---|---|
jdstrand | per Debian, only builds a few libraries, not the full application server |