CVE-2005-4709

by Fred · 02/02/2006

The popSubjectContext method in the SecurityAssociation class in JBoss Enterprise Java Beans (EJB) 3.0 RC3 maintains the threadPrincipal and threadCredential values from a previous client’s authentication after termination of a client session, which allows remote attackers to gain the roles of an arbitrary previous client who had the same JBoss server thread.

Date published : 2006-02-02

http://jira.jboss.com/jira/browse/EJBTHREE-384

http://www.vupen.com/english/advisories/2006/0374

CVE-2005-4709

Similar

Recent Posts

Categories

CVE-2005-4709

Share this:

Similar

Recent Posts

Categories

Tags