Vulnerability Description
Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client.
CVSS Score
6.4
MEDIUM
AV:N/AC:L/Au:N/C:P/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Jboss Enterprise Application Platform | 6.1.0 |
Related Weaknesses (CWE)
References
- http://osvdb.org/96216
- http://rhn.redhat.com/errata/RHSA-2013-1151.htmlVendor Advisory
- http://rhn.redhat.com/errata/RHSA-2013-1152.htmlVendor Advisory
- http://rhn.redhat.com/errata/RHSA-2013-1437.htmlVendor Advisory
- http://secunia.com/advisories/54508
- http://www.securitytracker.com/id/1028898Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=985359Issue Tracking
- https://exchange.xforce.ibmcloud.com/vulnerabilities/86387
- http://osvdb.org/96216
- http://rhn.redhat.com/errata/RHSA-2013-1151.htmlVendor Advisory
- http://rhn.redhat.com/errata/RHSA-2013-1152.htmlVendor Advisory
- http://rhn.redhat.com/errata/RHSA-2013-1437.htmlVendor Advisory
- http://secunia.com/advisories/54508
- http://www.securitytracker.com/id/1028898Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=985359Issue Tracking
FAQ
What is CVE-2013-4213?
CVE-2013-4213 is a vulnerability with a CVSS score of 6.4 (MEDIUM). Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client.
How severe is CVE-2013-4213?
CVE-2013-4213 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4213?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Jboss Enterprise Application Platform.