CVE-2013-4128: Session Fixation in Red Hat JBoss Enterprise Application Platform

Severity: 6.4 MEDIUM (NVD)
EPSS: 0.7% (top 28.22%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Aug 16, 2013; Latest update May 17, 2022

Description

Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations made through remote-naming, which allows remote attackers to hijack sessions by using a remoting client. The vendor advisory and Bugzilla entries listed below describe the root cause as improper connection caching in the remote-naming client: a cached, already-authenticated connection can be picked up by a later remoting client, so that client's EJB invocations run under the session the first client established. Only EAP 6.1.0 is listed as affected; check the deployed EAP version before triaging.
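The flaw class described above, as an added Python model that is not JBoss EAP or remote-naming code: a client-side connection cache keyed only on the remoting endpoint, next to the same cache keyed on endpoint plus authenticating principal. All names (the user table, endpoint, bean and method names, the `ConnectionCache` and `RemoteNamingContext` classes) are constructed for the illustration and do not correspond to EAP internals or to the vendor's fix.

```python
"""Model of the bug class behind CVE-2013-4128: a remoting client that caches
connections per endpoint, ignoring which principal opened them, lets a later
JNDI context's EJB invocations ride on the first context's authenticated
session.  Added illustration; not JBoss EAP / remote-naming code.  The user
table, endpoint, bean and class names below are all constructed."""

from dataclasses import dataclass

# Constructed server-side user table (stands in for an EAP security realm).
USERS = {"alice": "alice-pw", "bob": "bob-pw"}


@dataclass
class Connection:
    endpoint: str
    principal: str  # identity the server authenticated on this connection


class ConnectionCache:
    """key_by_principal=False models the flawed cache; True the hardened one."""

    def __init__(self, key_by_principal: bool):
        self.key_by_principal = key_by_principal
        self._cache: dict = {}
        self.opened = 0  # number of connections that actually authenticated

    def _key(self, endpoint: str, principal: str):
        # Flawed variant: the cache key is the endpoint alone, so every
        # principal targeting the same server shares one entry.
        return (endpoint, principal) if self.key_by_principal else endpoint

    def _authenticate(self, endpoint: str, principal: str, password: str) -> Connection:
        if USERS.get(principal) != password:
            raise PermissionError(f"authentication failed for {principal!r}")
        self.opened += 1
        return Connection(endpoint, principal)

    def get(self, endpoint: str, principal: str, password: str) -> Connection:
        key = self._key(endpoint, principal)
        conn = self._cache.get(key)
        if conn is None:
            # Only a cache miss ever reaches authentication; a hit returns
            # whatever identity the cached connection already carries.
            conn = self._authenticate(endpoint, principal, password)
            self._cache[key] = conn
        return conn


class RemoteNamingContext:
    """Stands in for a JNDI InitialContext built with a principal/credential pair."""

    def __init__(self, cache: ConnectionCache, endpoint: str, principal: str, password: str):
        self.cache, self.endpoint = cache, endpoint
        self.principal, self.password = principal, password

    def invoke(self, bean: str, method: str) -> str:
        conn = self.cache.get(self.endpoint, self.principal, self.password)
        # The EJB container sees the identity bound to the connection, not the
        # principal this context was constructed with.
        return conn.principal


def run_scenario(key_by_principal: bool):
    """Return (identity seen for alice, identity seen for bob, identity seen for
    an attacker supplying a wrong password or 'denied', connections opened)."""
    cache = ConnectionCache(key_by_principal)
    endpoint = "remote://app.example:4447"  # constructed endpoint
    alice = RemoteNamingContext(cache, endpoint, "alice", "alice-pw")
    bob = RemoteNamingContext(cache, endpoint, "bob", "bob-pw")
    mallory = RemoteNamingContext(cache, endpoint, "mallory", "wrong-guess")

    seen_alice = alice.invoke("PayrollBean", "listSalaries")
    seen_bob = bob.invoke("PayrollBean", "listSalaries")
    try:
        seen_mallory = mallory.invoke("PayrollBean", "listSalaries")
    except PermissionError:
        seen_mallory = "denied"
    return seen_alice, seen_bob, seen_mallory, cache.opened


if __name__ == "__main__":
    print("endpoint-keyed cache (flawed)   :", run_scenario(key_by_principal=False))
    print("endpoint+principal cache (fixed):", run_scenario(key_by_principal=True))
```

With the endpoint-only key, bob's calls and even an unauthenticated attacker's calls are executed as alice, and the server authenticates exactly once. Keying on the authenticating identity is the minimal change that makes this model behave correctly; for what Red Hat actually changed in EAP, refer to the vendor advisory listed below rather than to this model.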

CVSS v2 vector

AV:N/AC:L/Au:N/C:P/I:P/A:N (Exploitability subscore: 10.0 | Impact subscore: 4.9). The Au:N component was missing from the vector as extracted; it is implied by the 6.4 base score and the 10.0 exploitability subscore, both of which require no authentication.

Affected Packages: 1 package

🔴 Vulnerability Details (2)

GHSA: GHSA-mj2q-jjfm-w2rq: Red Hat JBoss Enterprise Application Platform (EAP) 6 (2022-05-17)
CVE List: CVE-2013-4128: Red Hat JBoss Enterprise Application Platform (EAP) 6 (2013-08-16)

📋 Vendor Advisories (1)

Red Hat: remote-naming: Session fixation due improper connection caching (2013-07-11)

💬 Community (1)

Bugzilla: CVE-2013-4128 JBoss remote-naming: Session fixation due improper connection caching (2013-07-16)