Required CVE Record Information
Description
Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.
References 13 Total
- rhn.redhat.com: RHSA-2010:0379 vendor-advisory
- rhn.redhat.com: RHSA-2010:0378 vendor-advisory
- marc.info: HPSBMU02736 vendor-advisory
- rhn.redhat.com: RHSA-2010:0376 vendor-advisory
- rhn.redhat.com: RHSA-2010:0377 vendor-advisory
- exchange.xforce.ibmcloud.com: jboss-status-servlet-information-disclosure(58149) vdb-entry
- marc.info: SSRT100699 vendor-advisory
- vupen.com: ADV-2010-0992 vdb-entry
- exploit-db.com: 44009 exploit
- securityfocus.com: 39710 vdb-entry
- secunia.com: 39563 third-party-advisory
- securitytracker.com: 1023918 vdb-entry
- https://bugzilla.redhat.com/show_bug.cgi?id=585900
This container includes required additional information provided by the CVE Program for this vulnerability.
References 13 Total
- rhn.redhat.com: RHSA-2010:0379 vendor-advisory x_transferred
- rhn.redhat.com: RHSA-2010:0378 vendor-advisory x_transferred
- marc.info: HPSBMU02736 vendor-advisory x_transferred
- rhn.redhat.com: RHSA-2010:0376 vendor-advisory x_transferred
- rhn.redhat.com: RHSA-2010:0377 vendor-advisory x_transferred
- exchange.xforce.ibmcloud.com: jboss-status-servlet-information-disclosure(58149) vdb-entry x_transferred
- marc.info: SSRT100699 vendor-advisory x_transferred
- vupen.com: ADV-2010-0992 vdb-entry x_transferred
- exploit-db.com: 44009 exploit x_transferred
- securityfocus.com: 39710 vdb-entry x_transferred
- secunia.com: 39563 third-party-advisory x_transferred
- securitytracker.com: 1023918 vdb-entry x_transferred
- https://bugzilla.redhat.com/show_bug.cgi?id=585900 x_transferred