PT-2013-3554 · Red Hat · Red Hat JBoss Enterprise Application Platform

Published: 2013-12-06 · Updated: 2019-04-22 · CVE-2013-2133

CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Red Hat JBoss Enterprise Application Platform (EAP) versions prior to 6.2.0

Description: The issue concerns the EJB invocation handler implementation in Red Hat JBossWS, which does not properly enforce method-level restrictions for JAX-WS service endpoints. As a result, remote authenticated users who hold permissions on the EJB class can invoke JAX-WS handlers that the method-level restrictions were meant to deny them.

Recommendations: For versions prior to 6.2.0, update to version 6.2.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the EJB class and the JAX-WS handlers to minimize the risk of exploitation.

Weakness Enumeration

Related Identifiers

CVE-2013-2133
RHSA-2013:1785
RHSA-2013:1786

Affected Products

Red Hat JBoss Enterprise Application Platform
Red Hat JBossWS