PT-2008-4911 · Red Hat · Red Hat JBoss Enterprise Application Platform
Marc Schoenefeld
Published 2008-09-23 · Updated 2017-08-08
CVE-2008-3519
CVSS v2.0: 4.3 (Medium)
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Red Hat JBoss Enterprise Application Platform (aka JBossEAP or EAP) versions 4.2 before CP04 and 4.3 before CP02
Description
The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform allows remote attackers to obtain sensitive information via a download request when a production environment is enabled. This occurs because the DownloadServerClasses property is set to true by default.
Recommendations
For Red Hat JBoss Enterprise Application Platform version 4.2 before CP04, update to CP04 or later to resolve the issue.
For Red Hat JBoss Enterprise Application Platform version 4.3 before CP02, update to CP02 or later to resolve the issue.
As a temporary workaround, consider setting the DownloadServerClasses property to false to prevent remote attackers from obtaining sensitive information.
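The weak default from the description and the workaround from the recommendation, side by side with a small audit helper, as an added example that is not the advisory's or Red Hat's own code. It assumes the property sits in the WebService MBean of the server's jboss-service.xml in JBoss AS 4.x attribute syntax; the file path and MBean layout are assumptions to verify against your installation, only the property name comes from the advisory.

```shell
#!/bin/sh
# Added audit helper (not from the advisory or Red Hat). Assumptions: the
# property lives in the WebService MBean of the server's jboss-service.xml,
# written in JBoss AS 4.x attribute syntax; check the path in your install.

# Constructed sample: the weak default described in the advisory.
SAMPLE_WEAK='<mbean code="org.jboss.web.WebService" name="jboss:service=WebService">
  <attribute name="Port">8083</attribute>
  <attribute name="DownloadServerClasses">true</attribute>
</mbean>'

# Constructed sample: the recommended workaround applied.
SAMPLE_FIXED='<mbean code="org.jboss.web.WebService" name="jboss:service=WebService">
  <attribute name="Port">8083</attribute>
  <attribute name="DownloadServerClasses">false</attribute>
</mbean>'

# Print the effective value of DownloadServerClasses ("true" or "false").
# An absent attribute is reported as "true" because the advisory states
# that true is the default.
download_server_classes() {
  val=$(sed -n 's/.*<attribute name="DownloadServerClasses">[[:space:]]*\([A-Za-z]*\)[[:space:]]*<\/attribute>.*/\1/p' "$1" \
        | head -n 1 | tr 'A-Z' 'a-z')
  [ -n "$val" ] || val=true
  printf '%s\n' "$val"
}

# Return 0 when the file is hardened, 1 when remote class download is still on.
audit_jboss_service() {
  if [ "$(download_server_classes "$1")" = "true" ]; then
    echo "WEAK: $1 leaves DownloadServerClasses=true; set it to false and apply CP04 (4.2) / CP02 (4.3)"
    return 1
  fi
  echo "OK: $1 sets DownloadServerClasses=false"
  return 0
}

# Demo on the two constructed samples.
weak=$(mktemp); fixed=$(mktemp)
printf '%s\n' "$SAMPLE_WEAK" > "$weak"
printf '%s\n' "$SAMPLE_FIXED" > "$fixed"
audit_jboss_service "$weak" || true
audit_jboss_service "$fixed"
rm -f "$weak" "$fixed"
```

Run it against the real file (`audit_jboss_service /path/to/jboss-service.xml`) after applying the workaround to confirm the change took effect; the fix releases CP04 and CP02 remain the actual remediation.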
Affected products
Red Hat JBoss Enterprise Application Platform