CVE-2013-4213
Red Hat JBoss Enterprise Application Platform 6.1.0 - Remote Session Hijacking via EJB Client API
Title source: llmDescription
Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client.
References (8)
Core References
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1152.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/86387
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/96216
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/54508
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1437.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1028898
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=985359
Vendor Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1151.html
Scores
EPSS
0.0247
EPSS Percentile
82.6%
Details
CWE
CWE-284
Status
published
Products (1)
redhat/jboss_enterprise_application_platform
6.1.0
Published
Aug 16, 2013
Tracked Since
Feb 18, 2026