Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2009-0027
Last Modified 21 Mar 2009 01:53:33
Published 09 Mar 2009 05:30:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-0027

Summary

The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read arbitrary XML files via a crafted request.

Vulnerable Systems

Application

  • Red Hat JBoss Enterprise Application Platform 4.2.0

  • Red Hat JBoss Enterprise Application Platform 4.3.0


References

REDHAT - RHSA-2009:0349

REDHAT - RHSA-2009:0347

REDHAT - RHSA-2009:0346

CONFIRM - https://jira.jboss.org/jira/browse/JBPAPP-1548

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=479668

SECTRACK - 1021817

BID - 34023

SECUNIA - 34112

REDHAT - RHSA-2009:0348


Last Updated: 27 May 2016 10:49:33