Lumension® Endpoint Intelligence Center



Vulnerability Score: 5.0
CVE Id: CVE-2005-4709
Last Modified: 07 Mar 2011 09:28:49
Published: 31 Dec 2005 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE



The popSubjectContext method in the SecurityAssociation class in JBoss Enterprise Java Beans (EJB) 3.0 RC3 maintains the threadPrincipal and threadCredential values from a previous client's authentication after termination of a client session, which allows remote attackers to gain the roles of an arbitrary previous client who had the same JBoss server thread.
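The failure mode described above, stale thread-scoped identity surviving a pop, modelled as an added example in Java; this is a simplified hypothetical model written for this page, not JBoss source, and the class, field and method names (SubjectContextDemo, contextStack, popSubjectContextLeaky, popSubjectContextFixed) are constructed for illustration.

```java
import java.util.ArrayDeque;
import java.util.Deque;

// Simplified model (hypothetical, not JBoss source) of a thread-bound security context.
// Identity lives in ThreadLocals, so it outlives a request on a pooled worker thread
// unless it is explicitly cleared when the subject context is popped.
public class SubjectContextDemo {
    record SubjectContext(String principal, Object credential) {}
    // Thread-scoped state, analogous to threadPrincipal / threadCredential in the description.
    static final ThreadLocal<String> threadPrincipal = new ThreadLocal<>();
    static final ThreadLocal<Object> threadCredential = new ThreadLocal<>();
    static final ThreadLocal<Deque<SubjectContext>> contextStack =
            ThreadLocal.withInitial(ArrayDeque::new);
    static void pushSubjectContext(String principal, Object credential) {
        contextStack.get().push(new SubjectContext(principal, credential));
        threadPrincipal.set(principal);
        threadCredential.set(credential);
    }
    // Faulty pattern: the stack entry is popped but the thread-scoped values stay set,
    // so the next request served by this thread inherits the previous client's identity.
    static void popSubjectContextLeaky() {
        contextStack.get().pop();
    }
    // Hardened pattern: restore the enclosing context, or clear everything when the
    // stack is empty, so no principal or credential survives the end of its session.
    static void popSubjectContextFixed() {
        Deque<SubjectContext> stack = contextStack.get();
        stack.pop();
        SubjectContext outer = stack.peek();
        if (outer == null) {
            threadPrincipal.remove();
            threadCredential.remove();
        } else {
            threadPrincipal.set(outer.principal());
            threadCredential.set(outer.credential());
        }
    }

    public static void main(String[] args) {
        // Request 1 on a pooled thread: client "alice" authenticates, then her session ends.
        pushSubjectContext("alice", "constructed-credential");
        popSubjectContextLeaky();
        // Request 2 on the same thread, unauthenticated: which identity does the server see?
        System.out.println("after leaky pop: " + threadPrincipal.get());
        pushSubjectContext("alice", "constructed-credential");
        popSubjectContextFixed();
        System.out.println("after fixed pop: " + threadPrincipal.get());
    }
}
```

The contrast to check when reviewing similar code is whether every push of thread-scoped identity has a matching pop that restores or removes it, including on exception paths (a try/finally around the request).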

Vulnerable Systems

XF - jboss-securityassociation-auth-bypass(24384)
VUPEN - ADV-2006-0374

Last Updated: 27 May 2016 10:41:24