CVE-2009-0027

The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read arbitrary XML files via a crafted request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
VendorProductVersion
redhatjboss_enterprise_application_platform
4.2.0:cp01
redhatjboss_enterprise_application_platform
4.2.0:cp02
redhatjboss_enterprise_application_platform
4.2.0:cp03
redhatjboss_enterprise_application_platform
4.2.0:cp04
redhatjboss_enterprise_application_platform
4.2.0:cp05
redhatjboss_enterprise_application_platform
4.2.0:cp06
redhatjboss_enterprise_application_platform
4.3.0:cp01
redhatjboss_enterprise_application_platform
4.3.0:cp02
redhatjboss_enterprise_application_platform
4.3.0:cp03
redhatjboss_enterprise_application_platform
4.3.0:cp04
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
jbossas4
karmic
not-affected
jaunty
not-affected
intrepid
not-affected
hardy
not-affected
gutsy
dne
dapper
dne
Common Weakness Enumeration
References
http://rhn.redhat.com/errata/RHSA-2009-0346.html
http://rhn.redhat.com/errata/RHSA-2009-0347.html
http://rhn.redhat.com/errata/RHSA-2009-0348.html
http://rhn.redhat.com/errata/RHSA-2009-0349.html
http://secunia.com/advisories/34112
http://www.securityfocus.com/bid/34023
http://www.securitytracker.com/id?1021817
https://bugzilla.redhat.com/show_bug.cgi?id=479668
https://jira.jboss.org/jira/browse/JBPAPP-1548
http://rhn.redhat.com/errata/RHSA-2009-0346.html
http://rhn.redhat.com/errata/RHSA-2009-0347.html
http://rhn.redhat.com/errata/RHSA-2009-0348.html
http://rhn.redhat.com/errata/RHSA-2009-0349.html
http://secunia.com/advisories/34112
http://www.securityfocus.com/bid/34023
http://www.securitytracker.com/id?1021817
https://bugzilla.redhat.com/show_bug.cgi?id=479668
https://jira.jboss.org/jira/browse/JBPAPP-1548