Information Disclosure
jboss EAP is vulnerable to information disclosure. The RHSA-2008:0826 update fixed an issue CVE-2008-3273 where unauthenticated users were able to access the status servlet; however, a bug fix included in the RHSA-2009:0347 update re-introduced the issue. A remote attacker could use this flaw to...