Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Red Hat JBoss Enterprise Application Platform 权限许可和访问控制漏洞
Vulnerability Description
Red Hat JBossWS是美国红帽(Red Hat)公司的一套作为JBoss应用服务器的一部分而开发的Web服务框架,它实现了JAX-WS,并为Java中实现Web服务定义了一个编程模型和运行时体系结构。 Red Hat JBoss EAP 6.1.0及之前的版本中使用的Red Hat JBossWS应用程序中的EJB调用处理器存在安全漏洞,该漏洞源于程序没有正确的对JAX-WS服务端点执行方法等级授权。远程经过授权的用户可通过授权访问EJB类利用该漏洞调用JAX-WS处理器。
CVSS Information
N/A
Vulnerability Type
N/A