CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
jboss-seam is vulnerable to information disclosure. The vulnerability exists because the property that controls the download of server classes was set to "true" in the "production" configuration. When the class download service is bound to an external interface, a remote attacker can download arbitrary class files from the server class path.
bugzilla.redhat.com/bugzilla/show_bug.cgi?id=458823
www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp04/html-single/readme/index.html
www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp02/html-single/readme/index.html
www.redhat.com/security/updates/classification/#low
www.redhat.com/support/errata/RHSA-2008-0831.html
www.redhat.com/support/errata/RHSA-2008-0832.html
www.redhat.com/support/errata/RHSA-2008-0833.html
www.redhat.com/support/errata/RHSA-2008-0834.html
www.securityfocus.com/bid/31300
www.securitytracker.com/id?1020905
access.redhat.com/errata/RHSA-2008:0831
exchange.xforce.ibmcloud.com/vulnerabilities/45305