JBoss Enterprise Application Platform Information Disclosure Vulnerability
BID:30540
Info
| Bugtraq ID: | 30540 |
| Class: | Unknown |
| CVE: | CVE-2008-3273 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 05 2008 12:00AM |
| Updated: | Apr 29 2009 10:16PM |
| Credit: | JBoss Group |
| Vulnerable: | Red Hat JBoss Enterprise Application Platform 4.3 EL5, Red Hat JBoss Enterprise Application Platform 4.3 EL4, Red Hat JBoss Enterprise Application Platform 4.3, Red Hat JBoss Enterprise Application Platform 4.2 EL5, Red Hat JBoss Enterprise Application Platform 4.2 EL4, Red Hat JBoss Enterprise Application Platform 4.2 |
| Not Vulnerable: | Red Hat JBoss Enterprise Application Platform 4.3 .CP01, Red Hat JBoss Enterprise Application Platform 4.2 .CP03 |
Discussion
JBoss Enterprise Application Platform is prone to a remote information-disclosure vulnerability.
Remote attackers can exploit this issue to obtain potentially sensitive details about deployed web contexts. Information obtained may lead to further attacks.
The issue affects versions prior to JBoss Enterprise Application Platform 4.3.0.CP01 and 4.2.0.CP03.
Exploit / POC
An attacker will likely exploit this issue through a browser.
Solution / Fix
Solution:
The vendor has released updates. Please see the references for more information.
References
- JBoss Enterprise Application Platform 4.2.0.CP03 (Red Hat)
- JBoss Enterprise Application Platform 4.3.0.CP01 (Red Hat)
- JBoss Portal Homepage (JBoss Group)
- RHSA-2008:0825-10 - Moderate: JBoss Enterprise Application Platform 4.2.0.CP03 s (Red Hat)
- RHSA-2008:0826-7 - Moderate: JBoss Enterprise Application Platform 4.3.0.CP01 se (Red Hat)
- RHSA-2008:0827-6 - Moderate: JBoss Enterprise Application Platform 4.2.0.CP03 se (Red Hat)
- RHSA-2008:0828-4 - Moderate: JBoss Enterprise Application Platform 4.3.0CP01 sec (Red Hat)