Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2008-3273
Last Modified 05 Nov 2012 11:05:40
Published 10 Aug 2008 04:41:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-3273

Summary

JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string.

Vulnerable Systems

Application

  • JBoss Enterprise Application Platform 4.2.0.cp01
  • JBoss Enterprise Application Platform 4.2.0.cp02
  • JBoss Enterprise Application Platform 4.2.0.cp03
  • JBoss Enterprise Application Platform 4.3.0


References

CONFIRM - https://jira.jboss.org/jira/browse/JBPAPP-544

CONFIRM - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=457757

XF - jbosseap-statusservlet-info-disclosure(44235)

SECTRACK - 1020628

BID - 30540

CONFIRM - http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp01/html-single/readme/

CONFIRM - http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp03/html-single/readme/index.html

REDHAT - RHSA-2008:0828

REDHAT - RHSA-2008:0827

REDHAT - RHSA-2008:0826

REDHAT - RHSA-2008:0825

HP - SSRT100699

HP - HPSBMU02736


Last Updated: 27 May 2016 10:56:40