Lumension® Endpoint Intelligence Center



Vulnerability Score: 5.0
CVE Id: CVE-2009-0027
Last Modified: 21 Mar 2009 01:53:33
Published: 09 Mar 2009 05:30:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE



The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read arbitrary XML files via a crafted request.

Vulnerable Systems


  • Red Hat JBoss Enterprise Application Platform 4.2.0

  • Red Hat JBoss Enterprise Application Platform 4.3.0


REDHAT - RHSA-2009:0349

REDHAT - RHSA-2009:0347

REDHAT - RHSA-2009:0346



SECTRACK - 1021817

BID - 34023

SECUNIA - 34112

REDHAT - RHSA-2009:0348

Last Updated: 27 May 2016 10:49:33