CVE-2008-3519

The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform (aka JBossEAP or EAP), possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote attackers to obtain sensitive information (non-EJB classes) via a download request, a different vulnerability than CVE-2008-3273.
Configurations

Configuration 1

cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:cp01:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:cp03:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3:*:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp02:*:*:*:*:*:*
cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp01:*:*:*:*:*:*

Information

Published : 2008-09-23 03:24

Updated : 2017-08-08 01:31


NVD link : CVE-2008-3519

Mitre link : CVE-2008-3519

Products Affected
No products.
CWE