JBoss Enterprise Application Platform信息泄漏漏洞

BUGTRAQ ID: 30540
CVE ID:CVE-2008-3273
CVE-2008-1285
CNCVE ID：CNCVE-20083273
CNCVE-20081285

JBoss Enterprise Application Platform是一款企业级应用平台。
JBoss Enterprise Application Platform存在信息泄漏问题，远程攻击者可以利用漏洞获得配置的WEB上下文，或进行跨站脚本攻击。
-JavaServer Faces (JSF)组件存在多个跨站脚本攻击，可导致注入任意WEB脚本或HTML。
-未验证用户可以访问状态servlet，允许攻击者获得配置的WEB上下文。

RedHat JBoss Enterprise Application Platform 4.3 EL5
RedHat JBoss Enterprise Application Platform 4.3 EL4
RedHat JBoss Enterprise Application Platform 4.3
RedHat JBoss Enterprise Application Platform 4.2 EL5
RedHat JBoss Enterprise Application Platform 4.2 EL4
RedHat JBoss Enterprise Application Platform 4.2
升级到最新版本的程序：
<a href=“http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp03/html-single/readme/index.html” target=“_blank”>http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp03/html-single/readme/index.html</a>
<a href=“http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp01/html-single/readme/index.html” target=“_blank”>http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp01/html-single/readme/index.html</a>