Metric | Value |
---|---|
CVSS2 | 5 Medium |
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |
CVSS2 Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
EPSS | 0.969 High |
EPSS Percentile | 99.6% |

JBoss Web Server (jbossweb) is an enterprise ready web server designed for
medium and large applications, is based on Apache Tomcat, and is embedded
into JBoss Application Server. It provides organizations with a single
deployment platform for JavaServer Pages (JSP) and Java Servlet
technologies, Microsoft® .NET, PHP, and CGI.

A traversal vulnerability was discovered when using a RequestDispatcher
in combination with a servlet or JSP. A remote attacker could utilize a
specially-crafted request parameter to access protected web resources.
(CVE-2008-2370)

An additional traversal vulnerability was discovered when the
“allowLinking” and “URIencoding” settings were activated. A remote attacker
could use a UTF-8-encoded request to extend their privileges and obtain
local files accessible to the jbossweb process. (CVE-2008-2938)

Users of jbossweb should upgrade to this updated package, which contains
backported patches to resolve these issues.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | 5 | noarch | jbossweb | < 2.0.0-5.CP07.0jpp.ep1.1.el5 | jbossweb-2.0.0-5.CP07.0jpp.ep1.1.el5.noarch.rpm |
RedHat | 5 | src | jbossweb | < 2.0.0-5.CP07.0jpp.ep1.1.el5 | jbossweb-2.0.0-5.CP07.0jpp.ep1.1.el5.src.rpm |
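
To find hosts where both settings named in the CVE-2008-2938 paragraph are active while the upgrade is being rolled out, the configuration can be audited. The following is an added example, not part of the advisory or the jbossweb package: it assumes the settings appear as the Tomcat attributes `allowLinking` on `<Context>` and `URIEncoding` on `<Connector>`, and the sample XML is constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs (not taken from the advisory).
SERVER_XML = """<Server>
  <Service name="jboss.web">
    <Connector port="8080" protocol="HTTP/1.1" URIEncoding="UTF-8"/>
    <Connector port="8009" protocol="AJP/1.3"/>
    <Engine name="jboss.web" defaultHost="localhost">
      <Host name="localhost">
        <Context path="/files" docBase="files" allowLinking="true"/>
      </Host>
    </Engine>
  </Service>
</Server>"""
CONTEXT_XML = """<Context cookies="true" allowLinking="false"/>"""


def _attr(elem, name):
    """Look an attribute up case-insensitively; return '' if absent."""
    for key, value in elem.attrib.items():
        if key.lower() == name.lower():
            return value.strip()
    return ""


def audit(*xml_documents):
    """Return (utf8_connector_ports, linking_context_paths, exposed)."""
    utf8_connectors, linking_contexts = [], []
    for text in xml_documents:
        root = ET.fromstring(text)
        for elem in root.iter():  # iter() includes the root element itself
            if elem.tag == "Connector":
                if _attr(elem, "URIEncoding").lower() in ("utf-8", "utf8"):
                    utf8_connectors.append(_attr(elem, "port") or "?")
            elif elem.tag == "Context":
                if _attr(elem, "allowLinking").lower() == "true":
                    linking_contexts.append(_attr(elem, "path") or "(default)")
    # The advisory names both settings together, so flag only the combination.
    exposed = bool(utf8_connectors) and bool(linking_contexts)
    return utf8_connectors, linking_contexts, exposed


if __name__ == "__main__":
    connectors, contexts, exposed = audit(SERVER_XML, CONTEXT_XML)
    print("UTF-8 connectors on ports:", connectors)
    print("Contexts with allowLinking:", contexts)
    print("Both CVE-2008-2938 preconditions present:", exposed)
```

A clean result from this check does not cover CVE-2008-2370, which the advisory resolves only through the updated package.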