PT-2008-4687 · Red Hat · Red Hat Jboss Enterprise Application Platform

Marc Schoenefeld

Published

2008-08-10

Updated

2017-08-08

CVE-2008-3273

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: JBoss Enterprise Application Platform versions prior to 4.2.0.CP03 JBoss Enterprise Application Platform version 4.3.0 before 4.3.0.CP01

Description: The issue allows remote attackers to obtain sensitive information about deployed web contexts via a request to the status servlet. This can be achieved by including a full=true query string in the request.

Recommendations: For JBoss Enterprise Application Platform versions prior to 4.2.0.CP03, update to version 4.2.0.CP03 or later. For JBoss Enterprise Application Platform version 4.3.0 before 4.3.0.CP01, update to version 4.3.0.CP01 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2008-3273

RHSA-2008:0825

RHSA-2008:0826

RHSA-2008:0827

RHSA-2008:0828

Affected Products

Red Hat Jboss Enterprise Application Platform

PT-2008-4687 · Red Hat · Red Hat Jboss Enterprise Application Platform

CVE-2008-3273

Weakness Enumeration

Related Identifiers

Affected Products

References · 15