Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Jboss EAP Permissions Privileges and Access Controls Vulnerability - CVE-2012-4549 - Vulnerability Database
Jboss EAP

Jboss EAP Permissions Privileges and Access Controls Vulnerability - CVE-2012-4549

Medium
Reference: CVE-2012-4549
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2012-4549
Title: Jboss EAP Permissions Privileges and Access Controls Vulnerability
Overview:

The processInvocation function in org.jboss.as.ejb3.security.AuthorizationInterceptor in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before 6.0.1 authorizes all requests when no roles are allowed for an Enterprise Java Beans (EJB) method invocation which allows attackers to bypass intended access restrictions for EJB methods.