Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2013-2133 Vulnerability in maven package org.wildfly:wildfly-ejb3

Description

The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2013-1784.html

http://rhn.redhat.com/errata/RHSA-2013-1785.html

http://rhn.redhat.com/errata/RHSA-2013-1786.html

http://rhn.redhat.com/errata/RHSA-2015-0850.html

http://rhn.redhat.com/errata/RHSA-2015-0851.html

http://www.securitytracker.com/id/1029431

Related Vulnerabilities

CVE-2023-46998 Vulnerability in maven package org.webjars.npm:bootbox.js

CVE-2021-46440 Vulnerability in npm package strapi

CVE-2023-32261 Vulnerability in maven package org.jenkins-ci.plugins:dimensionsscm

CVE-2019-0224 Vulnerability in maven package org.apache.jspwiki:jspwiki-builder

CVE-2021-21119 Vulnerability in maven package org.webjars.npm:electron

Severity

Critical

Classification

CWE-264

Tags

Vendor Advisory