Vulnerability Description
JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jboss | Enterprise Application Platform | <= 4.2.0.cp03 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=132698550418872&w=2
- http://rhn.redhat.com/errata/RHSA-2008-0825.html
- http://rhn.redhat.com/errata/RHSA-2008-0826.html
- http://rhn.redhat.com/errata/RHSA-2008-0827.html
- http://rhn.redhat.com/errata/RHSA-2008-0828.html
- http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp0
- http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp0
- http://www.securityfocus.com/bid/30540
- http://www.securitytracker.com/id?1020628
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=457757
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44235
- https://jira.jboss.org/jira/browse/JBPAPP-544
- http://marc.info/?l=bugtraq&m=132698550418872&w=2
- http://rhn.redhat.com/errata/RHSA-2008-0825.html
- http://rhn.redhat.com/errata/RHSA-2008-0826.html
FAQ
What is CVE-2008-3273?
CVE-2008-3273 is a vulnerability with a CVSS score of 5.0 (MEDIUM). JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a ...
How severe is CVE-2008-3273?
CVE-2008-3273 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-3273?
Check the references section above for vendor advisories and patch information. Affected products include: Jboss Enterprise Application Platform.