
exploitDog


CVE-2013-4213

Published: 27 Jun 2013
Source: redhat
CVSS2: 6.4

Description

Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client.

Affected packages

| Platform | Package | State | Advisory | Release |
| --- | --- | --- | --- | --- |
| Red Hat JBoss Data Grid 6 | remote-naming | Not affected | | |
| Red Hat JBoss Enterprise Web Server 1 | others | Not affected | | |
| Red Hat JBoss Portal 6 | remote-naming | Affected | | |
| Red Hat JBoss Enterprise Application Platform 6.1 | | Fixed | RHSA-2013:1152 | 12.08.2013 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 | jboss-as-client-all | Fixed | RHSA-2013:1151 | 12.08.2013 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 | jboss-ejb-client | Fixed | RHSA-2013:1151 | 12.08.2013 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 | jboss-remote-naming | Fixed | RHSA-2013:1151 | 12.08.2013 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 | jboss-as-client-all | Fixed | RHSA-2013:1151 | 12.08.2013 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 | jboss-ejb-client | Fixed | RHSA-2013:1151 | 12.08.2013 |
| Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 | jboss-remote-naming | Fixed | RHSA-2013:1151 | 12.08.2013 |


Additional information

Status: Important
Defect: CWE-384
https://bugzilla.redhat.com/show_bug.cgi?id=985359 ejb-client: Session fixation due improper connection caching

6.4 Medium

CVSS2

Related vulnerabilities

ubuntu
more than 12 years ago

Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client.

nvd
more than 12 years ago

Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client.

debian
more than 12 years ago

Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not pro ...

github
more than 3 years ago

Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client.

6.4 Medium

CVSS2