CVE-2009-0027

Published: Mar 9, 2009Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read arbitrary XML files via a crafted request.

Affected (10)

Products: Redhat: Jboss Enterprise Application Platform

1 product

Jboss Enterprise Application Platform

Configuration A

10 vulnerable

Vulnerable Software	Affected Versions
Redhat Jboss Enterprise Application Platform	Version 4.2.0 cp01
Redhat Jboss Enterprise Application Platform	Version 4.2.0 cp02
Redhat Jboss Enterprise Application Platform	Version 4.2.0 cp03
Redhat Jboss Enterprise Application Platform	Version 4.2.0 cp04
Redhat Jboss Enterprise Application Platform	Version 4.2.0 cp05
Redhat Jboss Enterprise Application Platform	Version 4.2.0 cp06
Redhat Jboss Enterprise Application Platform	Version 4.3.0 cp01
Redhat Jboss Enterprise Application Platform	Version 4.3.0 cp02
Redhat Jboss Enterprise Application Platform	Version 4.3.0 cp03
Redhat Jboss Enterprise Application Platform	Version 4.3.0 cp04

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (18)

http://rhn.redhat.com/errata/RHSA-2009-0346.html

Source: secalert@redhat.com

Patch

http://rhn.redhat.com/errata/RHSA-2009-0347.html

Source: secalert@redhat.com

Patch

http://rhn.redhat.com/errata/RHSA-2009-0348.html

Source: secalert@redhat.com

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2009-0349.html

Source: secalert@redhat.com

PatchVendor Advisory

http://secunia.com/advisories/34112

Source: secalert@redhat.com

http://www.securityfocus.com/bid/34023

Source: secalert@redhat.com

http://www.securitytracker.com/id?1021817

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=479668

Source: secalert@redhat.com

https://jira.jboss.org/jira/browse/JBPAPP-1548

Source: secalert@redhat.com

http://rhn.redhat.com/errata/RHSA-2009-0346.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://rhn.redhat.com/errata/RHSA-2009-0347.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://rhn.redhat.com/errata/RHSA-2009-0348.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://rhn.redhat.com/errata/RHSA-2009-0349.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://secunia.com/advisories/34112

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/34023

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1021817

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=479668

Source: af854a3a-2127-422b-91ae-364da2661108

https://jira.jboss.org/jira/browse/JBPAPP-1548

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.