PT-2009-2742 · Red Hat · Jbossws+1
Marc Schoenefeld · Published 2009-03-09 · Updated 2009-03-21 · CVE-2009-0027
CVSS v2.0: 5.0 (Medium)
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
JBoss Enterprise Application Platform versions 4.2.0 through 4.2.0.CP05
JBoss Enterprise Application Platform versions 4.3.0 through 4.3.0.CP03
Description
The request handler in JBossWS does not properly validate the resource path when it serves a WSDL file for a custom web-service endpoint. A remote attacker can therefore read arbitrary XML files on the server via a crafted request.
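The defensive pattern that closes this class of flaw is to resolve the requested WSDL resource against a fixed base directory, normalize it, and refuse anything that lands outside that directory or is not a WSDL document. The following Java helper is an added illustration written for this advisory; it is not JBossWS code, and the class name `WsdlPathCheck`, the base directory and the `.wsdl` suffix rule are assumptions.

```java
import java.nio.file.Path;
import java.nio.file.Paths;

// Hypothetical helper (not JBossWS code): maps a client-supplied resource
// name onto a file inside a fixed WSDL directory, rejecting traversal.
public final class WsdlPathCheck {
    private final Path wsdlRoot;

    public WsdlPathCheck(Path wsdlRoot) {
        // Canonical, absolute base directory so the containment check below
        // compares path components rather than raw strings.
        this.wsdlRoot = wsdlRoot.toAbsolutePath().normalize();
    }

    public Path resolve(String requested) {
        if (requested == null || requested.isEmpty()) {
            throw new IllegalArgumentException("empty WSDL resource name");
        }
        // Resolve and normalize: collapses "." and ".." segments so that a
        // name like "../../conf/server.xml" becomes an absolute path that no
        // longer starts with the base directory.
        Path candidate = wsdlRoot.resolve(requested).normalize();
        if (!candidate.startsWith(wsdlRoot)) {
            throw new SecurityException("resource outside WSDL directory: " + requested);
        }
        // Restrict what the handler will serve at all: only WSDL documents.
        String name = candidate.getFileName().toString();
        if (!name.endsWith(".wsdl")) {
            throw new SecurityException("not a WSDL document: " + requested);
        }
        return candidate;
    }

    // Constructed demonstration input; the directory path is assumed.
    public static void main(String[] args) {
        WsdlPathCheck check = new WsdlPathCheck(Paths.get("/opt/jboss/deploy/wsdl"));
        System.out.println(check.resolve("Service.wsdl"));        // accepted
        try {
            check.resolve("../../conf/login-config.xml");
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());    // traversal blocked
        }
    }
}
```

`Path.startsWith` compares whole path components, so a base of `/opt/jboss/deploy/wsdl` does not match a sibling such as `/opt/jboss/deploy/wsdl-private`. If the deployment directory may contain symbolic links, resolve with `toRealPath()` (which requires the file to exist) before the containment check, since `normalize()` does not follow links.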
Recommendations
For JBoss Enterprise Application Platform versions 4.2.0 through 4.2.0.CP05, update to version 4.2.0.CP06 or later.
For JBoss Enterprise Application Platform versions 4.3.0 through 4.3.0.CP03, update to version 4.3.0.CP04 or later.
Fix
RCE
Affected Products
Red Hat Jboss Enterprise Application Platform
Jbossws