J2EE Misconfiguration: Unsafe Bean Declaration
This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.
Entity beans should not be declared remote.
Entity beans that expose a remote interface become part of an application's attack surface. For performance reasons, an application should rarely uses remote entity beans, so there is a good chance that a remote entity bean declaration is an error.
<ejb-jar> <enterprise-beans> <entity> <ejb-name>EmployeeRecord</ejb-name> <home>com.wombat.empl.EmployeeRecordHome</home> <remote>com.wombat.empl.EmployeeRecord</remote> ... </entity> ... </enterprise-beans> </ejb-jar>