Wolf-Dieter Fink

**Name of the Vulnerable Software and Affected Versions** Red Hat JBoss Enterprise Application Platform (EAP) version 6.1.0 **Description** The issue is related to improper caching of EJB invocations by remote-naming, allowing remote attackers to hijack sessions using a remoting client. **Recommendations** For Red Hat JBoss Enterprise Application Platform (EAP) version 6.1.0, consider restricting access to the remote-naming service to minimize the risk of session hijacking until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Red Hat JBoss Enterprise Application Platform (EAP) version 6.1.0 **Description** The issue is related to improper caching of EJB invocations by the EJB client API, allowing remote attackers to hijack sessions. **Recommendations** For Red Hat JBoss Enterprise Application Platform (EAP) version 6.1.0, consider applying configuration changes to properly cache EJB invocations to prevent session hijacking. At the moment, there is no information about a newer version that contains a fix for this vulnerability.