CVE-2013-2133: The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) bef
Summary
CVE-2013-2133 is a security flaw in Red Hat JBossWS (a tool for building web services) used in JBoss Enterprise Application Platform (EAP) before version 6.2.0, where the EJB invocation handler (the component that processes method calls) fails to properly check access restrictions. This allows remote authenticated users (people with login credentials) to bypass security controls and access JAX-WS handlers (special functions that intercept web service requests) that should be restricted, simply by having permission to use the underlying EJB class.
Vulnerability Details
CVSS Score
5.5
EPSS (30-day exploit probability)
EPSS: 0.3%
Classification
Attack Sophistication: Moderate
Taxonomy References
CWE (Weakness Type)
Original source: https://nvd.nist.gov/vuln/detail/CVE-2013-2133
First tracked: February 15, 2026 at 08:43 PM
Classified by LLM (prompt v3) · confidence: 95%