The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) prior to 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
redhat jboss enterprise application platform 5.2.0 |
||
redhat jboss enterprise application platform 5.1.2 |
||
redhat jboss enterprise application platform 4.2.0 |
||
redhat jboss enterprise application platform 6.0.1 |
||
redhat jboss enterprise application platform 6.0.0 |
||
redhat jboss enterprise application platform 5.0.1 |
||
redhat jboss enterprise application platform 5.0.0 |
||
redhat jboss enterprise application platform |
||
redhat jboss enterprise application platform 5.1.1 |
||
redhat jboss enterprise application platform 5.1.0 |
||
redhat jboss enterprise application platform 5.2.2 |
||
redhat jboss enterprise application platform 5.2.1 |
||
redhat jboss enterprise application platform 4.3.0 |
||
redhat enterprise linux 5 |
||
redhat enterprise linux 6.0 |
Vulmon