Red Hat Customer Portal


CVE-2013-4213

Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client.

Details

Source

Mitre

Public Date

2013-06-27 00:00:00

Impact

Important

Bugzilla

CVE-2013-4213 JBoss ejb-client: Session fixation due to improper connection caching

Bugzilla ID

985359

CVSS Status

verified

Base Score

6.40

Base Metrics

AV:N/AC:L/Au:N/C:P/I:P/A:N

Acknowledgements

This issue was discovered by Wolf-Dieter Fink of the Red Hat GSS Team.

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 Server | RHSA-2013:1151 | 2013-08-12
Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 Server | RHSA-2013:1151 | 2013-08-12
Red Hat JBoss Portal Platform 6.1 | RHSA-2013:1437 | 2013-10-16
Red Hat JBoss Enterprise Application Platform 6.1 | RHSA-2013:1152 | 2013-08-12

CWE

CWE-384

Affected Packages State

Platform | Package | State
Red Hat JBoss Data Grid 6 | remote-naming | Not affected