PT-2008-4687 · Red Hat · Red Hat Jboss Enterprise Application Platform

Marc Schoenefeld

Publicado

2008-08-10

Atualizado

2017-08-08

CVE-2008-3273

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: JBoss Enterprise Application Platform versions prior to 4.2.0.CP03 JBoss Enterprise Application Platform version 4.3.0 before 4.3.0.CP01

Description: The issue allows remote attackers to obtain sensitive information about deployed web contexts via a request to the status servlet. This can be achieved by including a full=true query string in the request.

Recommendations: For JBoss Enterprise Application Platform versions prior to 4.2.0.CP03, update to version 4.2.0.CP03 or later. For JBoss Enterprise Application Platform version 4.3.0 before 4.3.0.CP01, update to version 4.3.0.CP01 or later.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

CVE-2008-3273

RHSA-2008:0825

RHSA-2008:0826

RHSA-2008:0827

RHSA-2008:0828

Produtos afetados

Red Hat Jboss Enterprise Application Platform

PT-2008-4687 · Red Hat · Red Hat Jboss Enterprise Application Platform

CVE-2008-3273

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 15