CVE-2013-2133
Published Dec 6, 2013
Last updated 6 years ago
Overview
- Description
- The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class.
- Source
- secalert@redhat.com
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5.5
- Impact score
- 4.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-264
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "00CE1A18-B944-416D-BF36-8F94C0A3C00F",
"versionEndIncluding": "6.1.0"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9164BEAF-B1D5-4E65-A6CE-F985799467CB"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp09:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "62DB623C-09B0-4192-B0A2-6C9DFA4192CA"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E82B2AD8-967D-4ABE-982B-87B9DE73F8D6"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp10:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "424C0428-6E78-42B2-B77A-921116528D06"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F5D7F1AD-4BD3-4C37-B6B5-B287464B2EEB"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "76D8FCD1-55D5-4187-87DD-39904EDE2EF8"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "972C5C87-E982-44A5-866D-FDEACB5203B8"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C13890AE-5FDE-4698-8A2E-1B2FA0A313AF"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8A785F07-9B76-4153-B676-29C9682B2F73"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "46849C8D-36E9-4E97-BB49-E04F4EB199E6"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "99D29C15-4423-4EB1-BF7F-7081B4EE6416"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E66331CF-15C6-424A-90F8-F8F4FD3EC1E5"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B142ACCC-F7A9-4A3B-BE60-0D6691D5058D"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6F94D102-60EA-4C47-9A39-DAE4704044DD"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AA9B3CC0-DF1C-4A86-B2A3-A9D428A5A6E6"
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC"
}
],
"operator": "OR"
}
]
}
]