1 results (0.001 seconds)
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2005-4709
https://notcve.org/view.php?id=CVE-2005-4709
The popSubjectContext method in the SecurityAssociation class in JBoss Enterprise Java Beans (EJB) 3.0 RC3 maintains the threadPrincipal and threadCredential values from a previous client's authentication after termination of a client session, which allows remote attackers to gain the roles of an arbitrary previous client who had the same JBoss server thread. • http://jira.jboss.com/jira/browse/EJBTHREE-384 http://www.vupen.com/english/advisories/2006/0374 https://exchange.xforce.ibmcloud.com/vulnerabilities/24384 •