Jboss EAP Permissions Privileges and Access Controls Vulnerability - CVE-2013-2133

The EJB invocation handler implementation in Red Hat JBossWS as used in JBoss Enterprise Application Platform (EAP) before 6.2.0 does not properly enforce the method level restrictions for JAX-WS Service endpoints which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class.