CVE-2005-4709

CVE-2005-4709 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The popSubjectContext method in the SecurityAssociation class in JBoss Enterprise Java Beans (EJB) 3.0 RC3 maintains the threadPrincipal and threadCredential values from a previous client's authentication after termination of a client session, which allows remote attackers to gain the roles of an arbitrary previous client who had the same JBoss server thread.
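
The failure mode described above, reduced to a minimal model as an added example (this is not JBoss source code and not part of the original entry): a pop that leaves the thread-bound principal in place lets the next caller served by the same pooled thread inherit it, while a pop that clears or restores the identity does not. The class name, the `contextStack` field, the `Flawed`/`Fixed` method suffixes and the identity `alice` are assumptions made for illustration.

```java
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

// Simplified model of per-thread security state; NOT the JBoss SecurityAssociation source.
public class ThreadIdentityLeakDemo {
    static final ThreadLocal<String> threadPrincipal = new ThreadLocal<>();
    static final ThreadLocal<Deque<String>> contextStack = ThreadLocal.withInitial(ArrayDeque::new);

    static void pushSubjectContext(String principal) {
        contextStack.get().push(principal);
        threadPrincipal.set(principal);
    }

    // Flawed pop: drops the stack entry but leaves threadPrincipal set on the thread.
    static void popSubjectContextFlawed() {
        contextStack.get().poll();
    }

    // Hardened pop: restore the enclosing context, or clear the identity if none remains.
    static void popSubjectContextFixed() {
        Deque<String> stack = contextStack.get();
        stack.poll();
        if (stack.isEmpty()) {
            threadPrincipal.remove();
        } else {
            threadPrincipal.set(stack.peek());
        }
    }

    // Runs an authenticated call, then an unauthenticated one, on the same pooled thread
    // and returns the principal that the second call observes.
    static String principalSeenByNextCaller(Runnable pop) throws Exception {
        ExecutorService pool = Executors.newSingleThreadExecutor();
        Callable<String> unauthenticatedCall = () -> String.valueOf(threadPrincipal.get());
        try {
            pool.submit(() -> {
                pushSubjectContext("alice"); // constructed sample identity
                try { /* business method would run here as alice */ } finally { pop.run(); }
            }).get();
            return pool.submit(unauthenticatedCall).get();
        } finally {
            pool.shutdown();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("flawed: " + principalSeenByNextCaller(ThreadIdentityLeakDemo::popSubjectContextFlawed));
        System.out.println("fixed:  " + principalSeenByNextCaller(ThreadIdentityLeakDemo::popSubjectContextFixed));
    }
}
```

The same check, asserting that no principal or credential is bound at the start of each request, works as a regression test for any container or framework that keeps identity in thread-local storage on pooled threads.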
