CVE-2013-4213

critical

Description

Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/86387

https://bugzilla.redhat.com/show_bug.cgi?id=985359

http://www.securitytracker.com/id/1028898

http://secunia.com/advisories/54508

http://rhn.redhat.com/errata/RHSA-2013-1437.html

http://rhn.redhat.com/errata/RHSA-2013-1152.html

http://rhn.redhat.com/errata/RHSA-2013-1151.html

http://osvdb.org/96216

Details

Source: Mitre, NVD

Published: 2013-08-16

Updated: 2017-08-29

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

Detections

Analytics