Description
The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method-level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class.
Remediation
References
Related Vulnerabilities
WordPress Plugin DOP Slider Arbitrary File Upload (1.0)
Apache HTTP Server Improper Input Validation Vulnerability (CVE-2011-4317)
MySQL CVE-2023-22102 Vulnerability (CVE-2023-22102)
WordPress Plugin Authorize.net Payment Gateway For WooCommerce Security Bypass (2.0)
WordPress Plugin Car Seller-Auto Classifieds Script SQL Injection (2.1.0)