CVE-2013-4213
Summary
| CVE | CVE-2013-4213 |
|---|---|
| State | PUBLISHED |
| Assigner | redhat |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-08-16 16:55:46 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
PartialIntegrity
PartialAvailability
NoneAV:N/AC:L/Au:N/C:P/I:P/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Redhat | Jboss Enterprise Application Platform | 6.1.0 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Vendor Advisory |
| JBoss Enterprise Application Platform Caching Bugs Let Remote Users Hijack User Sessions - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Vendor Advisory |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| Security Advisory SA54508 - Red Hat update for JBoss Enterprise Application Platform - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | |
| 985359 – (CVE-2013-4213) CVE-2013-4213 JBoss ejb-client: Session fixation due improper connection caching | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.redhat.com | Issue Tracking |
| osvdb.org/96216 | af854a3a-2127-422b-91ae-364da2661108 | osvdb.org | |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.