Vulnerabilities > CVE-2005-4709
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The popSubjectContext method in the SecurityAssociation class in JBoss Enterprise Java Beans (EJB) 3.0 RC3 maintains the threadPrincipal and threadCredential values from a previous client's authentication after termination of a client session, which allows remote attackers to gain the roles of an arbitrary previous client who had the same JBoss server thread.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- http://jira.jboss.com/jira/browse/EJBTHREE-384
- http://jira.jboss.com/jira/browse/EJBTHREE-384
- http://www.vupen.com/english/advisories/2006/0374
- http://www.vupen.com/english/advisories/2006/0374
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24384
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24384