Access Restriction Bypass

The advisory has been revoked - it doesn't affect any version of package org.wildfly:wildfly-webservices-server-integration.


Threat Intelligence

EPSS
0.22% (61st percentile)

  • Snyk ID: SNYK-JAVA-ORGWILDFLY-31351
  • Published: 24 Feb 2015
  • Disclosed: 6 Dec 2013
  • Credit: Unknown

Introduced: 6 Dec 2013

CVE-2013-2133
CWE-264

Overview

org.wildfly:wildfly-webservices-server-integration

The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class.
