VDB
CVE-2013-2133
CVE-2013-2133
PUBLISHED
Reported by redhat · Published December 6, 2013
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | n/a, n/a |
Timeline
- Dec 6, 2013 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- RHSA-2015:0850 vendor-advisoryx_refsource_REDHAT
- RHSA-2013:1785 vendor-advisoryx_refsource_REDHAT
- 1029431 vdb-entryx_refsource_SECTRACK
- RHSA-2015:0851 vendor-advisoryx_refsource_REDHAT
- RHSA-2013:1784 vendor-advisoryx_refsource_REDHAT
- RHSA-2013:1786 vendor-advisoryx_refsource_REDHAT