Information Disclosure

2020-04-1000:30:18

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

jbossws is vulnerable to information disclosure. The request handler in JBossWS did not correctly verify the resource path when serving WSDL files for custom web service endpoints. This allowed remote attackers to read arbitrary XML files with the permissions of the EAP processs.

CPENameOperatorVersion
rh-eap-docseq4.2.0__3.GA_CP02.ep1.1.el5.1
rh-eap-docseq4.2.0__1.ep1.22.el5
rh-eap-docseq4.2.0__3.GA_CP02.ep1.1.el4
rh-eap-docseq4.2.0__2.CP01.ep1.2.el5
jboss-seameq1.2.0__1.AP.ep1.19.el5
jboss-seameq1.2.1__1.ep1.3.el5
jboss-seameq1.2.1__1.ep1.2.el5
jboss-seameq1.2.1__1.ep1.3.el4
hibernate3eq3.2.4__1.SP1_CP01.0jpp.ep1.1.el5.1
hibernate3eq3.2.4__1.SP1_CP02.0jpp.ep1.1.el5.1

Name	Operator	Version
rh-eap-docs	eq	4.2.0__3.GA_CP02.ep1.1.el5.1
rh-eap-docs	eq	4.2.0__1.ep1.22.el5
rh-eap-docs	eq	4.2.0__3.GA_CP02.ep1.1.el4
rh-eap-docs	eq	4.2.0__2.CP01.ep1.2.el5
jboss-seam	eq	1.2.0__1.AP.ep1.19.el5
jboss-seam	eq	1.2.1__1.ep1.3.el5
jboss-seam	eq	1.2.1__1.ep1.2.el5
jboss-seam	eq	1.2.1__1.ep1.3.el4
hibernate3	eq	3.2.4__1.SP1_CP01.0jpp.ep1.1.el5.1
hibernate3	eq	3.2.4__1.SP1_CP02.0jpp.ep1.1.el5.1