Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about deployed web contexts via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Jboss_enterprise_application_platform | Redhat | * | 4.2.0 (including) |
Jboss_enterprise_application_platform | Redhat | * | 4.3.0 (including) |
Jboss_enterprise_application_platform | Redhat | 4.2 (including) | 4.2 (including) |
Jboss_enterprise_application_platform | Redhat | 4.2.0-cp01 (including) | 4.2.0-cp01 (including) |
Jboss_enterprise_application_platform | Redhat | 4.2.0-cp02 (including) | 4.2.0-cp02 (including) |
Jboss_enterprise_application_platform | Redhat | 4.2.0-cp03 (including) | 4.2.0-cp03 (including) |
Jboss_enterprise_application_platform | Redhat | 4.2.0-cp04 (including) | 4.2.0-cp04 (including) |
Jboss_enterprise_application_platform | Redhat | 4.2.0-cp05 (including) | 4.2.0-cp05 (including) |
Jboss_enterprise_application_platform | Redhat | 4.2.0-cp06 (including) | 4.2.0-cp06 (including) |
Jboss_enterprise_application_platform | Redhat | 4.2.0-cp07 (including) | 4.2.0-cp07 (including) |
Jboss_enterprise_application_platform | Redhat | 4.3 (including) | 4.3 (including) |
Jboss_enterprise_application_platform | Redhat | 4.3.0-cp01 (including) | 4.3.0-cp01 (including) |
Jboss_enterprise_application_platform | Redhat | 4.3.0-cp02 (including) | 4.3.0-cp02 (including) |
Jboss_enterprise_application_platform | Redhat | 4.3.0-cp03 (including) | 4.3.0-cp03 (including) |
Jboss_enterprise_application_platform | Redhat | 4.3.0-cp04 (including) | 4.3.0-cp04 (including) |
Jboss_enterprise_application_platform | Redhat | 4.3.0-cp05 (including) | 4.3.0-cp05 (including) |
Jboss_enterprise_application_platform | Redhat | 4.3.0-cp06 (including) | 4.3.0-cp06 (including) |