CVE-2014-3464: The EJB invocation handler implementation in Red Hat JBossWS, as used in JBoss Enterprise Application Platform (EAP) 6.2
Summary
CVE-2014-3464 is a security flaw in Red Hat JBossWS, the web service framework used in JBoss Enterprise Application Platform versions 6.2.0 and 6.3.0. The EJB invocation handler (the code that processes requests to Enterprise Java Beans, which are reusable server-side components) fails to properly enforce access restrictions on JAX-WS handlers (specialized processors for web service messages). As a result, authenticated remote users can bypass those restrictions by leveraging the permissions they hold on the EJB class itself.
Vulnerability Details
CVSS Score
5.5
EPSS (30-day exploit probability)
EPSS: 0.2%
Classification
Attack Sophistication: Moderate
Taxonomy References
CWE (Weakness Type)
Original source: https://nvd.nist.gov/vuln/detail/CVE-2014-3464
First tracked: February 15, 2026 at 08:43 PM
Classified by LLM (prompt v3) · confidence: 95%