CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
JBossWS is vulnerable to information disclosure. The request handler in JBossWS did not correctly verify the resource path when serving WSDL files for custom web service endpoints. This allowed remote attackers to read arbitrary XML files with the permissions of the EAP process.
rhn.redhat.com/errata/RHSA-2009-0346.html
rhn.redhat.com/errata/RHSA-2009-0347.html
rhn.redhat.com/errata/RHSA-2009-0348.html
rhn.redhat.com/errata/RHSA-2009-0349.html
secunia.com/advisories/34112
www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp06/html-single/readme/index.html
www.securityfocus.com/bid/34023
www.securitytracker.com/id?1021817
access.redhat.com/errata/RHSA-2009:0346
bugzilla.redhat.com/show_bug.cgi?id=479668
jira.jboss.org/jira/browse/JBPAPP-1548