Vulnerability Description
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Jboss Enterprise Application Platform | <= 6.1.0 |
| Redhat | Enterprise Linux | 5 |
Related Weaknesses (CWE)
References
- http://rhn.redhat.com/errata/RHSA-2013-1784.htmlVendor Advisory
- http://rhn.redhat.com/errata/RHSA-2013-1785.htmlVendor Advisory
- http://rhn.redhat.com/errata/RHSA-2013-1786.htmlVendor Advisory
- http://rhn.redhat.com/errata/RHSA-2015-0850.html
- http://rhn.redhat.com/errata/RHSA-2015-0851.html
- http://www.securitytracker.com/id/1029431
- http://rhn.redhat.com/errata/RHSA-2013-1784.htmlVendor Advisory
- http://rhn.redhat.com/errata/RHSA-2013-1785.htmlVendor Advisory
- http://rhn.redhat.com/errata/RHSA-2013-1786.htmlVendor Advisory
- http://rhn.redhat.com/errata/RHSA-2015-0850.html
- http://rhn.redhat.com/errata/RHSA-2015-0851.html
- http://www.securitytracker.com/id/1029431
FAQ
What is CVE-2013-2133?
CVE-2013-2133 is a vulnerability with a CVSS score of 5.5 (MEDIUM). The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Se...
How severe is CVE-2013-2133?
CVE-2013-2133 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-2133?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Jboss Enterprise Application Platform, Redhat Enterprise Linux.