Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by remote-naming, which allows remote attackers to hijack sessions by using a remoting client.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Jboss_enterprise_application_platform | Redhat | 6.1.0 (including) | 6.1.0 (including) |
Red Hat JBoss Enterprise Application Platform 6.1 | RedHat | * | |
Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 | RedHat | jboss-as-client-all-0:7.2.0-9.Final_redhat_9.ep6.el5 | * |
Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 | RedHat | jboss-ejb-client-0:1.0.21-2.Final_redhat_2.ep6.el5 | * |
Red Hat JBoss Enterprise Application Platform 6 for RHEL 5 | RedHat | jboss-remote-naming-0:1.0.6-3.Final_redhat_3.ep6.el5 | * |
Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 | RedHat | jboss-as-client-all-0:7.2.0-9.Final_redhat_9.ep6.el6 | * |
Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 | RedHat | jboss-ejb-client-0:1.0.21-2.Final_redhat_2.ep6.el6 | * |
Red Hat JBoss Enterprise Application Platform 6 for RHEL 6 | RedHat | jboss-remote-naming-0:1.0.6-3.Final_redhat_3.ep6.el6 | * |
Red Hat JBoss Portal Platform 6.1 | RedHat | * | |