Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2013-2133 Vulnerability in maven package org.wildfly:wildfly-ejb3

Description

The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2013-1784.html

http://rhn.redhat.com/errata/RHSA-2013-1785.html

http://rhn.redhat.com/errata/RHSA-2013-1786.html

http://rhn.redhat.com/errata/RHSA-2015-0850.html

http://rhn.redhat.com/errata/RHSA-2015-0851.html

http://www.securitytracker.com/id/1029431

Related Vulnerabilities

CVE-2021-21175 Vulnerability in maven package org.webjars.npm:electron

CVE-2012-4431 Vulnerability in maven package org.apache.tomcat:catalina

CVE-2020-6451 Vulnerability in npm package electron

CVE-2019-10279 Vulnerability in maven package org.jenkins-ci.plugins:jenkins-reviewbot

CVE-2020-11022 Vulnerability in maven package org.webjars.npm:jquery

Severity

Critical

Classification

CWE-264

Tags

Vendor Advisory