CVE-2013-4128

Published: 11 Jul 2013
Source: redhat
CVSS2: 6.4
EPSS: Low

Description

Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by remote-naming, which allows remote attackers to hijack sessions by using a remoting client.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| Red Hat JBoss Data Grid 6 | remote-naming | Not affected | | |
| Red Hat JBoss Enterprise Web Server 1 | others | Not affected | | |
| Red Hat JBoss Portal 6 | remote-naming | Affected | | |
| Red Hat JBoss Enterprise Application Platform 6.1 | | Fixed | RHSA-2013:1152 | 12.08.2013 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 | jboss-as-client-all | Fixed | RHSA-2013:1151 | 12.08.2013 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 | jboss-ejb-client | Fixed | RHSA-2013:1151 | 12.08.2013 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 | jboss-remote-naming | Fixed | RHSA-2013:1151 | 12.08.2013 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 | jboss-as-client-all | Fixed | RHSA-2013:1151 | 12.08.2013 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 | jboss-ejb-client | Fixed | RHSA-2013:1151 | 12.08.2013 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 | jboss-remote-naming | Fixed | RHSA-2013:1151 | 12.08.2013 |

Additional information

Status: Important
Defect: CWE-384
https://bugzilla.redhat.com/show_bug.cgi?id=984795 (remote-naming: Session fixation due improper connection caching)

EPSS

Percentile: 71%
0.00688
Low

6.4 Medium

CVSS2

Related vulnerabilities

ubuntu
more than 12 years ago

Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by remote-naming, which allows remote attackers to hijack sessions by using a remoting client.

nvd
more than 12 years ago

Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by remote-naming, which allows remote attackers to hijack sessions by using a remoting client.

debian
more than 12 years ago

Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not pro ...

github
more than 3 years ago

Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by remote-naming, which allows remote attackers to hijack sessions by using a remoting client.