Description

Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by remote-naming, which allows remote attackers to hijack sessions by using a remoting client.

Remediation

References

CVE-2013-4128

Related Vulnerabilities

ownCloud Other Vulnerability (CVE-2012-5609)

Liferay Portal CVE-2020-13444 Vulnerability (CVE-2020-13444)

Oracle HTTP Server CVE-2022-21375 Vulnerability (CVE-2022-21375)

MySQL CVE-2015-2643 Vulnerability (CVE-2015-2643)

WordPress Plugin Google Analytics Dashboard Plugin for WordPress by MonsterInsights Multiple Cross-Site Scripting Vulnerabilities (5.3.3)

Severity

Medium

Classification

CVE-2013-4128

Tags

Missing Update Known Vulnerabilities