{"api_version":"1","generated_at":"2026-07-07T22:45:37+00:00","cve":"CVE-2013-4213","urls":{"html":"https://cve.report/CVE-2013-4213","api":"https://cve.report/api/cve/CVE-2013-4213.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2013-4213","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2013-4213"},"summary":{"title":"CVE-2013-4213","description":"Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client.","state":"PUBLISHED","assigner":"redhat","published_at":"2013-08-16 16:55:46","updated_at":"2026-04-29 01:13:23"},"problem_types":["CWE-284","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"6.4","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:N","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2013-1152.html","name":"http://rhn.redhat.com/errata/RHSA-2013-1152.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1028898","name":"http://www.securitytracker.com/id/1028898","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"],"title":"JBoss Enterprise Application Platform Caching Bugs Let Remote Users Hijack User Sessions - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-1437.html","name":"http://rhn.redhat.com/errata/RHSA-2013-1437.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86387","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86387","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/54508","name":"http://secunia.com/advisories/54508","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Security Advisory SA54508 - Red Hat update for JBoss Enterprise Application Platform - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=985359","name":"https://bugzilla.redhat.com/show_bug.cgi?id=985359","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Issue Tracking"],"title":"985359 – (CVE-2013-4213) CVE-2013-4213 JBoss ejb-client: Session fixation due improper connection caching","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://osvdb.org/96216","name":"http://osvdb.org/96216","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://rhn.redhat.com/errata/RHSA-2013-1151.html","name":"http://rhn.redhat.com/errata/RHSA-2013-1151.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2013-4213","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4213","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2013","cve_id":"4213","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_application_platform","cpe6":"6.1.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T16:38:01.580Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"RHSA-2013:1152","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2013-1152.html"},{"name":"eap-cve20134213-session-hijacking(86387)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86387"},{"name":"96216","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://osvdb.org/96216"},{"name":"54508","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/54508"},{"name":"RHSA-2013:1437","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2013-1437.html"},{"name":"1028898","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id/1028898"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=985359"},{"name":"RHSA-2013:1151","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"http://rhn.redhat.com/errata/RHSA-2013-1151.html"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2013-08-12T00:00:00.000Z","descriptions":[{"lang":"en","value":"Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-08-28T12:57:01.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"RHSA-2013:1152","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://rhn.redhat.com/errata/RHSA-2013-1152.html"},{"name":"eap-cve20134213-session-hijacking(86387)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/86387"},{"name":"96216","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://osvdb.org/96216"},{"name":"54508","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/54508"},{"name":"RHSA-2013:1437","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://rhn.redhat.com/errata/RHSA-2013-1437.html"},{"name":"1028898","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id/1028898"},{"tags":["x_refsource_CONFIRM"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=985359"},{"name":"RHSA-2013:1151","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"http://rhn.redhat.com/errata/RHSA-2013-1151.html"}]}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2013-4213","datePublished":"2013-08-16T16:00:00.000Z","dateReserved":"2013-06-12T00:00:00.000Z","dateUpdated":"2024-08-06T16:38:01.580Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2013-08-16 16:55:46","lastModifiedDate":"2026-04-29 01:13:23","problem_types":["CWE-284","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:N","baseScore":6.4,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.1.0:*:*:*:*:*:*:*","matchCriteriaId":"AF680478-162A-4F7B-B9BA-C407FA3C0EEE"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2013","CveId":"4213","Ordinal":"1","Title":"CVE-2013-4213","CVE":"CVE-2013-4213","Year":"2013"},"notes":[{"CveYear":"2013","CveId":"4213","Ordinal":"1","NoteData":"Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client.","Type":"Description","Title":"CVE-2013-4213"},{"CveYear":"2013","CveId":"4213","Ordinal":"2","NoteData":"2013-08-16","Type":"Other","Title":"Published"},{"CveYear":"2013","CveId":"4213","Ordinal":"3","NoteData":"2017-08-28","Type":"Other","Title":"Modified"}]}}}