CVE-2008-3273

Published: Aug 10, 2008Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string.

Affected (4)

Products: Jboss: Enterprise Application Platform

1 product

Enterprise Application Platform

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Jboss Enterprise Application Platform	Up to 4.2.0.cp03
Jboss Enterprise Application Platform	Up to 4.3.0
Jboss Enterprise Application Platform	Version 4.2.0.cp01
Jboss Enterprise Application Platform	Version 4.2.0.cp02

Related CWEs

References (24)

http://marc.info/?l=bugtraq&m=132698550418872&w=2

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2008-0825.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2008-0826.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2008-0827.html

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2008-0828.html

Source: secalert@redhat.com

http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp03/html-single/readme/index.html

Source: secalert@redhat.com

http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp01/html-single/readme/

Source: secalert@redhat.com

http://www.securityfocus.com/bid/30540

Source: secalert@redhat.com

http://www.securitytracker.com/id?1020628

Source: secalert@redhat.com

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=457757

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/44235

Source: secalert@redhat.com

https://jira.jboss.org/jira/browse/JBPAPP-544

Source: secalert@redhat.com

http://marc.info/?l=bugtraq&m=132698550418872&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2008-0825.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2008-0826.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2008-0827.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2008-0828.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp03/html-single/readme/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp01/html-single/readme/

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/30540

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1020628

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=457757

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/44235

Source: af854a3a-2127-422b-91ae-364da2661108

https://jira.jboss.org/jira/browse/JBPAPP-544

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.