The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) before 6.2.0, does not properly enforce the method level restrictions for JAX-WS. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Red Hat
Privilege Escalation
Jboss Enterprise Application Platform
Enterprise Linux
NVD
CVSS 2.0
5.5
EPSS
0.3%