The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method-level restrictions for JAX-WS Service endpoints, which allows remote authenticated users to access otherwise restricted JAX-WS handlers by leveraging permissions to the EJB class.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Jboss_enterprise_application_platform | Redhat | 4.2.0 | 4.2.0 |
Jboss_enterprise_application_platform | Redhat | 6.0.1 | 6.0.1 |
Jboss_enterprise_application_platform | Redhat | 4.3.0 | 4.3.0 |
Jboss_enterprise_application_platform | Redhat | 5.1.2 | 5.1.2 |
Jboss_enterprise_application_platform | Redhat | 6.0.0 | 6.0.0 |
Jboss_enterprise_application_platform | Redhat | 5.2.2 | 5.2.2 |
Jboss_enterprise_application_platform | Redhat | 5.1.1 | 5.1.1 |
Jboss_enterprise_application_platform | Redhat | 5.0.1 | 5.0.1 |
Jboss_enterprise_application_platform | Redhat | * | 6.1.0 |
Jboss_enterprise_application_platform | Redhat | 5.1.0 | 5.1.0 |
Jboss_enterprise_application_platform | Redhat | 5.2.0 | 5.2.0 |
Jboss_enterprise_application_platform | Redhat | 5.2.1 | 5.2.1 |
Jboss_enterprise_application_platform | Redhat | 5.0.0 | 5.0.0 |