CVE-2008-3519

Published: Sep 23, 2008Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform (aka JBossEAP or EAP), possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote attackers to obtain sensitive information (non-EJB classes) via a download request, a different vulnerability than CVE-2008-3273.

Affected (6)

Products: Redhat: Jboss Enterprise Application Platform

1 product

Jboss Enterprise Application Platform

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Redhat Jboss Enterprise Application Platform	Up to 4.3
Redhat Jboss Enterprise Application Platform	Up to 4.2
Redhat Jboss Enterprise Application Platform	Version 4.2
Redhat Jboss Enterprise Application Platform	Version 4.2 cp01
Redhat Jboss Enterprise Application Platform	Version 4.2 cp02
Redhat Jboss Enterprise Application Platform	Version 4.3

Related CWEs

References (20)

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=458823

Source: secalert@redhat.com

http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp04/html-single/readme/index.html

Source: secalert@redhat.com

Patch

http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp02/html-single/readme/index.html

Source: secalert@redhat.com

Patch

http://www.redhat.com/support/errata/RHSA-2008-0831.html

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2008-0832.html

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2008-0833.html

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2008-0834.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/31300

Source: secalert@redhat.com

http://www.securitytracker.com/id?1020905

Source: secalert@redhat.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/45305

Source: secalert@redhat.com

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=458823

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp04/html-single/readme/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp02/html-single/readme/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.redhat.com/support/errata/RHSA-2008-0831.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2008-0832.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2008-0833.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2008-0834.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/31300

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1020905

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/45305

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.