CVE-2008-3519 — MEDIUM (4.3)

Q: How severe is CVE-2008-3519?

CVE-2008-3519 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2008-3519?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Jboss Enterprise Application Platform.

Vulnerability Description

The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform (aka JBossEAP or EAP), possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote attackers to obtain sensitive information (non-EJB classes) via a download request, a different vulnerability than CVE-2008-3273.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:P/I:N/A:N

Confidentiality

PARTIAL

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Redhat	Jboss Enterprise Application Platform	<= 4.2

Related Weaknesses (CWE)

CWE-16

References

FAQ

What is CVE-2008-3519?

CVE-2008-3519 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform (aka JBossEAP or EAP), possibly 4.2 before CP04 and 4.3 before CP02, when a production environment i...

How severe is CVE-2008-3519?

CVE-2008-3519 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-3519?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Jboss Enterprise Application Platform.