Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
The popSubjectContext method in the SecurityAssociation class in JBoss Enterprise Java Beans (EJB) 3.0 RC3 maintains the threadPrincipal and threadCredential values from a previous client's authentication after termination of a client session, which allows remote attackers to gain the roles of an arbitrary previous client who had the same JBoss server thread.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
JBoss Enterprise Java Beans (EJB) 3.0 RC3 Remote Attack Vulnerability
Vulnerability Description
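The popSubjectContext method of the SecurityAssociation class in JBoss Enterprise Java Beans (EJB) 3.0 RC3 still retains the threadPrincipal and threadCredential values from the previous client's authentication after the client session has ended, so a remote attacker can obtain the role privileges of any previous client that had the same JBoss server thread.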
CVSS Information
N/A
Vulnerability Type
N/A