J2EE Misconfiguration: Weak Access Permissions



 * 1) REDIRECT Least Privilege Violation


Description
Permission to invoke EJB methods should not be granted to the ANYONE role.

If the EJB deployment descriptor contains one or more method permissions that grant access to the special ANYONE role, it indicates that access control for the application has not been fully thought through or that the application is structured in such a way that reasonable access control restrictions are impossible.

Risk Factors

 * Talk about the factors that make this vulnerability likely or unlikely to actually happen
 * Discuss the technical impact of a successful exploit of this vulnerability
 * Consider the likely [business impacts] of a successful attack

Examples
The following deployment descriptor grants ANYONE permission to invoke the Employee EJB's method named getSalary.

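 ...
 <method-permission>
   <role-name>ANYONE</role-name>
   <method>
     <ejb-name>Employee</ejb-name>
     <method-name>getSalary</method-name>
   </method>
 </method-permission>
 ...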
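The following audit script is an added example, not part of the original page: it parses an EJB deployment descriptor and lists every method whose permission is open to all callers. The sample descriptor is constructed; the `hr-admin` role, the `Directory` bean and the function names are assumptions, and the `<unchecked/>` check goes beyond the ANYONE case described above.

```python
import xml.etree.ElementTree as ET

OPEN_ROLES = {"ANYONE"}  # the role this page warns about; extend for local equivalents

def local(tag):
    """Drop any XML namespace so DTD-based and schema-based descriptors both match."""
    return tag.rsplit("}", 1)[-1]

def children(elem, name):
    return [c for c in elem if local(c.tag) == name]

def text_of(elem, name):
    found = children(elem, name)
    return (found[0].text or "").strip() if found else ""

def find_open_permissions(descriptor_xml):
    """Return sorted (ejb-name, method-name, reason) for every grant open to all callers."""
    root = ET.fromstring(descriptor_xml)
    findings = []
    for perm in (e for e in root.iter() if local(e.tag) == "method-permission"):
        roles = {(r.text or "").strip() for r in children(perm, "role-name")}
        reasons = sorted(roles & OPEN_ROLES)
        if children(perm, "unchecked"):  # EJB 2.0+ marker: no authorization check at all
            reasons.append("unchecked")
        for method in children(perm, "method"):
            target = (text_of(method, "ejb-name"), text_of(method, "method-name"))
            findings.extend(target + (reason,) for reason in reasons)
    return sorted(findings)

# Constructed sample: the page's Employee/getSalary grant plus hypothetical entries.
SAMPLE = """<ejb-jar xmlns="http://java.sun.com/xml/ns/j2ee">
  <assembly-descriptor>
    <method-permission>
      <role-name>ANYONE</role-name>
      <method><ejb-name>Employee</ejb-name><method-name>getSalary</method-name></method>
    </method-permission>
    <method-permission>
      <role-name>hr-admin</role-name>
      <method><ejb-name>Employee</ejb-name><method-name>setSalary</method-name></method>
    </method-permission>
    <method-permission>
      <unchecked/>
      <method><ejb-name>Directory</ejb-name><method-name>*</method-name></method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>"""

for ejb, method, reason in find_open_permissions(SAMPLE):
    print(f"{ejb}.{method}: callable by everyone ({reason})")
```

Run against each `ejb-jar.xml` in a build, a non-empty result can fail the pipeline before the descriptor is deployed.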

Related Attacks

 * Attack 1
 * Attack 2

Related Vulnerabilities

 * Vulnerability 1
 * Vulnerability 2

Related Controls

 * Category:Access Control

Related Technical Impacts

 * Technical Impact 1
 * Technical Impact 2