CVE-2013-2133
Severity: Medium
CVSS: 4.0 (Medium)
EPSS: 0.02 (p75)
Published: 2013-01-01
Updated: 2013-01-01

Description

The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class.

Tags
CWE: CWE-264, CWE-862
CAPEC: CAPEC-665
CVSS vector
AV:N/AC:L/Au:S/C:N/I:P/A:N
Timeline
2013-01-01: Published
2013-01-01: Updated
CVSS v2 breakdown (the vector above uses v2 metrics, including Authentication)
Attack Vector (AV:N): Network
Attack Complexity (AC:L): Low
Authentication (Au:S): Single
Confidentiality Impact (C:N): None
Integrity Impact (I:P): Partial
Availability Impact (A:N): None
Exploit indicators
EPSS: 0.018 (p75)
Known exploited (KEV): No
MITRE ATT&CK
Inferred via CAPEC
└ via CAPEC-665 · CWE-862
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
Product | Vendor | Status
antlr-eap6 | | Tracked
antlr-eap6 | | Tracked
apache-commons-beanutils | | Tracked
apache-commons-beanutils | | Tracked
apache-commons-cli | | Tracked
apache-commons-cli | | Tracked
apache-commons-configuration | | Tracked
apache-commons-configuration | | Tracked
apache-commons-daemon-eap6 | | Tracked
apache-commons-daemon-eap6 | | Tracked
apache-commons-pool-eap6 | | Tracked
apache-commons-pool-eap6 | | Tracked
apache-cxf | | Tracked
apache-cxf | | Tracked
apache-cxf-xjc-utils | | Tracked
apache-cxf-xjc-utils | | Tracked
apache-mime4j | | Tracked
apache-mime4j | | Tracked
atinject-eap6 | | Tracked
atinject-eap6 | | Tracked
Showing first 20 of 300
Source databases: CVE, RED, UBU