Back to search
CVE-2009-0027
Published: Mar 9, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read arbitrary XML files via a crafted request.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
34112
third-party-advisory
x_refsource_SECUNIA
RHSA-2009:0346
vendor-advisory
x_refsource_REDHAT
https://jira.jboss.org/jira/browse/JBPAPP-1548
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=479668
x_refsource_CONFIRM
1021817
vdb-entry
x_refsource_SECTRACK
RHSA-2009:0347
vendor-advisory
x_refsource_REDHAT
34023
vdb-entry
x_refsource_BID
RHSA-2009:0348
vendor-advisory
x_refsource_REDHAT
RHSA-2009:0349
vendor-advisory
x_refsource_REDHAT
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now