Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2013-2133

Опубликовано: 06 дек. 2013
Источник: nvd
CVSS2: 5.5
EPSS Низкий

Описание

The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*
Версия до 6.1.0 (включая)
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp09:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp10:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.1:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 55%
0.00326
Низкий

5.5 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

ubuntu логотип

CVE-2013-2133

ubuntu
почти 12 лет назад

The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class.

redhat логотип

CVE-2013-2133

redhat
почти 12 лет назад

The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class.

github логотип

GHSA-2579-mjx2-r625

github
больше 3 лет назад

The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class.

EPSS

Процентиль: 55%
0.00326
Низкий

5.5 Medium

CVSS2

Дефекты

CWE-264