Difference between revisions of "J2EE Misconfiguration: Weak Access Permissions"
Weilin Zhong (talk | contribs) |
Weilin Zhong (talk | contribs) |
||
| Line 2: | Line 2: | ||
==Description== | ==Description== | ||
| + | |||
| + | The application grants code access permission inappropriately. | ||
==Examples == | ==Examples == | ||
| + | * Permission to invoke EJB methods are granted to ANYONE role. | ||
==Related Threats== | ==Related Threats== | ||
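Review bot: The added example line "Permission to invoke EJB methods are granted to ANYONE role." has a subject-verb mismatch and, like the new Description sentence above it, never says what makes the grant inappropriate. Suggest "Permission to invoke EJB methods is granted to the ANYONE role." and one more clause in the Description naming who should hold the permission instead, so a reader can tell a weak grant from an intended one.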
| Line 23: | Line 26: | ||
[[Category:Java]] | [[Category:Java]] | ||
| − | [[Category:Environmental | + | [[Category:Environmental Vulnerability]] |
| + | |||
| + | [[Category:Access Control Vulnerability]] | ||
| + | |||
| + | [[Category:Code Permission Vulnerability]] | ||
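Review bot: The added [[Category:Code Permission Vulnerability]] line does not match the only example this revision gives, which is a role grant on EJB methods and is already covered by the added [[Category:Access Control Vulnerability]] line. Either add an example that concerns permissions granted to code or drop the Code Permission category. The empty added lines between the category tags can also be removed.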
Revision as of 18:51, 29 June 2006
This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.
Description
The application grants code access permission inappropriately.
Examples
- Permission to invoke EJB methods is granted to the ANYONE role.
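One way to check for the grant described above, as an added example that is not part of the original wiki page: a short audit of the `<method-permission>` entries in an EJB deployment descriptor (ejb-jar.xml). The bean, method and `payroll-admin` role names are constructed, and the check also flags `<unchecked/>` methods, which goes beyond the page's single example.

```python
import xml.etree.ElementTree as ET

# Constructed sample ejb-jar.xml (bean, method and role names are made up,
# except ANYONE, the role named in the example above).
SAMPLE_DESCRIPTOR = """\
<ejb-jar>
  <assembly-descriptor>
    <method-permission>
      <role-name>ANYONE</role-name>
      <method><ejb-name>PayrollBean</ejb-name><method-name>*</method-name></method>
    </method-permission>
    <method-permission>
      <role-name>payroll-admin</role-name>
      <method><ejb-name>PayrollBean</ejb-name><method-name>approveRun</method-name></method>
    </method-permission>
    <method-permission>
      <unchecked/>
      <method><ejb-name>AuditBean</ejb-name><method-name>purge</method-name></method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>
"""

BROAD_ROLES = {"ANYONE"}  # assumption: roles this deployment maps to every caller


def find_weak_grants(descriptor_xml, broad_roles=BROAD_ROLES):
    """Return (ejb, method, reason) for each method granted to a broad role or unchecked."""
    root = ET.fromstring(descriptor_xml)
    for el in root.iter():
        # Drop namespaces so EJB 2.0 (DTD) and 2.1 (schema) descriptors both match.
        el.tag = el.tag.rsplit("}", 1)[-1]
    findings = []
    for perm in root.iter("method-permission"):
        reasons = [f"role {r.text.strip()}" for r in perm.findall("role-name")
                   if (r.text or "").strip() in broad_roles]
        if perm.find("unchecked") is not None:
            reasons.append("unchecked")
        for m in perm.findall("method"):
            target = (m.findtext("ejb-name", "?").strip(), m.findtext("method-name", "?").strip())
            findings += [target + (why,) for why in reasons]
    return findings


if __name__ == "__main__":
    for ejb, method, why in find_weak_grants(SAMPLE_DESCRIPTOR):
        print(f"{ejb}.{method}: no meaningful role check ({why})")
```

The `payroll-admin` grant is not reported because that role is not in `BROAD_ROLES`; extend the set with whatever role names a deployment maps to all callers.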
Related Threats
Related Attacks
Related Vulnerabilities
Related Countermeasures
Categories
This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.