PT-2014-5342 · Red Hat · Red Hat JBossWS

Published: 2014-08-19 · Updated: 2017-08-29 · CVE-2014-3464

CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Red Hat JBossWS versions 6.2.0 through 6.3.0

Description: The EJB invocation handler implementation in Red Hat JBossWS does not properly enforce method-level restrictions for outbound messages. This allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging their permissions on the EJB class.

Recommendations: For versions 6.2.0 through 6.3.0, consider restricting access to the EJB class to minimize the risk of exploitation until a proper fix is applied.

Related Identifiers

CVE-2014-3464
RHSA-2014:1019
RHSA-2014:1020

Affected Products

Red Hat JBossWS