JBoss Enterprise Application Platform类文件信息泄漏漏洞

BUGTRAQ ID: 31300
CVE ID：CVE-2008-3519
CNCVE ID：CNCVE-20083519

JBoss Enterprise Application Platform是一款企业级应用程序平台，用于基于JBoss的应用开发。
JBoss企业级应用平台存在配置错误，远程攻击者可以利用漏洞获得敏感信息。
EAP的JBossAs组件在’production’中设置DownloadServerClasses属性为’true’，而一个产品环境必须默认设置为’false’来防止非EJB类的下载，这可导致信息泄漏。

RedHat JBoss Enterprise Application Platform 4.3 EL5
RedHat JBoss Enterprise Application Platform 4.3 EL4
RedHat JBoss Enterprise Application Platform 4.3 CP01
RedHat JBoss Enterprise Application Platform 4.3
RedHat JBoss Enterprise Application Platform 4.2 EL5
RedHat JBoss Enterprise Application Platform 4.2 EL4
RedHat JBoss Enterprise Application Platform 4.2 CP03
RedHat JBoss Enterprise Application Platform 4.2

可参考如下链接获得补丁信息：
<a href=“http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp04/html-single/readme/index.html” target=“_blank”>http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp04/html-single/readme/index.html</a>
<a href=“http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp02/html-single/readme/index.html” target=“_blank”>http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp02/html-single/readme/index.html</a>