OSVDB ID: 47551

Title: JBoss Enterprise Application Platform (EAP) Status Servlet Request Remote Information Disclosure

Info

Disclosure

Aug 04, 2008

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Solution: Upgrade
Disclosure: Vendor Verified

Solution

Upgrade to version 4.2.0.CP03 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Unknown or Incomplete

References

Security Tracker: 1020628
CVE ID: 2008-3273 (see also: NVD)
Bugtraq ID: 30540
ISS X-Force ID: 44235
Secunia Advisory ID: 47648
Vendor Specific Advisory URL: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03127140
Mail List Post: http://seclists.org/bugtraq/2012/Jan/123
Vendor URL: http://www.jboss.com/products/platforms/application
Vendor Specific News/Changelog Entry: http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp03/html-single/readme/index.html
http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp01/html-single/readme/
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=457757
https://jira.jboss.org/jira/browse/JBPAPP-544
RedHat RHSA: RHSA-2008:0825 RHSA-2008:0826 RHSA-2008:0827 RHSA-2008:0828

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/47551