Lucene search
PRIOn knowledge basePRION:CVE-2012-4549HistoryJan 05, 2013 - 12:55 a.m.
Input validation
2013-01-0500:55:00
PRIOn knowledge base
www.prio-n.com
4
The processInvocation function in org.jboss.as.ejb3.security.AuthorizationInterceptor in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1, authorizes all requests when no roles are allowed for an Enterprise Java Beans (EJB) method invocation, which allows attackers to bypass intended access restrictions for EJB methods.
Related
nvd
nvd
CVE-2012-4549
2013-01-05 00:55:02
seebug
seebug
JBoss Enterprise Application Platform 安全绕过漏洞(CVE-2012-4549)
2012-12-21 00:00:00
cve
cve
CVE-2012-4549
2013-01-05 00:55:02
ubuntucve
ubuntucve
CVE-2012-4549
2013-01-05 00:00:00
cvelist
cvelist
CVE-2012-4549
2013-01-05 00:00:00
nessus
nessus
RHEL 5 : JBoss EAP (RHSA-2012:1591)
2013-01-24 00:00:00
RHEL 6 : JBoss EAP (RHSA-2012:1592)
2013-01-24 00:00:00
veracode
veracode
Information Disclosure
2019-05-02 04:42:36
Access Restriction Bypass
2019-05-02 04:43:29
Access Restriction Bypass
2019-05-02 04:43:22
redhat
redhat