Information Disclosure

2020-04-1000:42:54

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

JSON

jboss EAP is vulnerable to information disclosure. The RHSA-2008:0826 update fixed an issue (CVE-2008-3273) where unauthenticated users were able to access the status servlet; however, a bug fix included in the RHSA-2009:0347 update re-introduced the issue. A remote attacker could use this flaw to acquire details about deployed web contexts.

CPENameOperatorVersion
rh-eap-docseq4.2.0__3.GA_CP02.ep1.1.el4
rh-eap-docseq4.2.0__1.ep1.22.el5
rh-eap-docseq4.2.0__3.GA_CP02.ep1.1.el5.1
rh-eap-docseq4.2.0__2.CP01.ep1.2.el5
hibernate3-annotationseq3.2.1__1.patch01.1jpp.ep1.3.el5
hibernate3-annotationseq3.2.1__1.patch02.1jpp.ep1.2.el5.1
hibernate3-annotationseq3.2.1__1.patch02.1jpp.ep1.2.el4
jboss-seam2eq2.0.2.FP_SEC1__1.ep2.7.el4
jboss-seam2eq2.0.2.FP_SEC1__1.ep2.3.el5
jboss-seam2eq2.0.2.FP_SEC1__1.ep2.6.el4

Name	Operator	Version
rh-eap-docs	eq	4.2.0__3.GA_CP02.ep1.1.el4
rh-eap-docs	eq	4.2.0__1.ep1.22.el5
rh-eap-docs	eq	4.2.0__3.GA_CP02.ep1.1.el5.1
rh-eap-docs	eq	4.2.0__2.CP01.ep1.2.el5
hibernate3-annotations	eq	3.2.1__1.patch01.1jpp.ep1.3.el5
hibernate3-annotations	eq	3.2.1__1.patch02.1jpp.ep1.2.el5.1
hibernate3-annotations	eq	3.2.1__1.patch02.1jpp.ep1.2.el4
jboss-seam2	eq	2.0.2.FP_SEC1__1.ep2.7.el4
jboss-seam2	eq	2.0.2.FP_SEC1__1.ep2.3.el5
jboss-seam2	eq	2.0.2.FP_SEC1__1.ep2.6.el4