{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-08-12T00:00:00", "descriptions": [{"lang": "en", "value": "Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "RHSA-2013:1152", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1152.html"}, {"name": "eap-cve20134213-session-hijacking(86387)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86387"}, {"name": "96216", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/96216"}, {"name": "54508", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/54508"}, {"name": "RHSA-2013:1437", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1437.html"}, {"name": "1028898", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1028898"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=985359"}, {"name": "RHSA-2013:1151", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1151.html"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:38:01.580Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2013:1152", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1152.html"}, {"name": "eap-cve20134213-session-hijacking(86387)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86387"}, {"name": "96216", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/96216"}, {"name": "54508", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/54508"}, {"name": "RHSA-2013:1437", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1437.html"}, {"name": "1028898", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1028898"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=985359"}, {"name": "RHSA-2013:1151", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1151.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-4213", "datePublished": "2013-08-16T16:00:00", "dateReserved": "2013-06-12T00:00:00", "dateUpdated": "2024-08-06T16:38:01.580Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "AF680478-162A-4F7B-B9BA-C407FA3C0EEE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client."}, {"lang": "es", "value": "Red Hat JBoss Enterprise Application Platform (EAP) v6.1.0 no cachea adecuadamente las llamadas EJB mediante la API del cliente EJB, lo que permite a atacantes remotos secuestrar sesiones mediante un cliente EJB."}], "id": "CVE-2013-4213", "lastModified": "2017-08-29T01:33:36.357", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-08-16T16:55:46.297", "references": [{"source": "secalert@redhat.com", "url": "http://osvdb.org/96216"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1151.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1152.html"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2013-1437.html"}, {"source": "secalert@redhat.com", "url": "http://secunia.com/advisories/54508"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1028898"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=985359"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86387"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Wolf-Dieter Fink (Red Hat GSS Team).", "affected_release": [{"advisory": "RHSA-2013:1152", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6.1", "product_name": "Red Hat JBoss Enterprise Application Platform 6.1", "release_date": "2013-08-12T00:00:00Z"}, {"advisory": "RHSA-2013:1151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-as-client-all-0:7.2.0-9.Final_redhat_9.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date": "2013-08-12T00:00:00Z"}, {"advisory": "RHSA-2013:1151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-ejb-client-0:1.0.21-2.Final_redhat_2.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date": "2013-08-12T00:00:00Z"}, {"advisory": "RHSA-2013:1151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el5", "package": "jboss-remote-naming-0:1.0.6-3.Final_redhat_3.ep6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 6 for RHEL 5", "release_date": "2013-08-12T00:00:00Z"}, {"advisory": "RHSA-2013:1151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-as-client-all-0:7.2.0-9.Final_redhat_9.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date": "2013-08-12T00:00:00Z"}, {"advisory": "RHSA-2013:1151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-ejb-client-0:1.0.21-2.Final_redhat_2.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date": "2013-08-12T00:00:00Z"}, {"advisory": "RHSA-2013:1151", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6::el6", "package": "jboss-remote-naming-0:1.0.6-3.Final_redhat_3.ep6.el6", "product_name": "Red Hat JBoss Enterprise Application Platform 6 for RHEL 6", "release_date": "2013-08-12T00:00:00Z"}, {"advisory": "RHSA-2013:1437", "cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:6.1.0", "product_name": "Red Hat JBoss Portal Platform 6.1", "release_date": "2013-10-16T00:00:00Z"}], "bugzilla": {"description": "ejb-client: Session fixation due improper connection caching", "id": "985359", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=985359"}, "csaw": false, "cvss": {"cvss_base_score": "6.4", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "status": "verified"}, "cwe": "CWE-384", "details": ["Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by the EJB client API, which allows remote attackers to hijack sessions by using an EJB client."], "name": "CVE-2013-4213", "package_state": [{"cpe": "cpe:/a:redhat:jboss_data_grid:6", "fix_state": "Not affected", "package_name": "remote-naming", "product_name": "Red Hat JBoss Data Grid 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Not affected", "package_name": "others", "product_name": "Red Hat JBoss Enterprise Web Server 1"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_portal_platform:6", "fix_state": "Affected", "package_name": "remote-naming", "product_name": "Red Hat JBoss Portal 6"}], "public_date": "2013-06-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-4213\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-4213"], "threat_severity": "Important"}