CVE-2013-4213

Red Hat JBoss Enterprise Application Platform 6.1.0 - Remote Session Hijacking via EJB Client API


Description

Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client.

References (8)

Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1152.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/86387
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/96216
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/54508
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1437.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1028898
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=985359
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1151.html

Scores

EPSS 0.0247
EPSS Percentile 82.6%

Details

CWE CWE-284
Status published
Products (1)
redhat/jboss_enterprise_application_platform 6.1.0
Published Aug 16, 2013
Tracked Since Feb 18, 2026