CVE-2008-3519
Severity CVSS v4.0:
Pending analysis
Type:
CWE-16
Configuration Errors
Publication date:
23/09/2008
Last modified:
09/04/2025
Description
The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform (aka JBossEAP or EAP), possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote attackers to obtain sensitive information (non-EJB classes) via a download request, a different vulnerability than CVE-2008-3273.
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:cp03:*:*:*:*:*:* | 4.2 (including) | |
| cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:cp01:*:*:*:*:*:* | 4.3 (including) | |
| cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp01:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp02:*:*:*:*:*:* | ||
| cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=458823
- http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp04/html-single/readme/index.html
- http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp02/html-single/readme/index.html
- http://www.redhat.com/support/errata/RHSA-2008-0831.html
- http://www.redhat.com/support/errata/RHSA-2008-0832.html
- http://www.redhat.com/support/errata/RHSA-2008-0833.html
- http://www.redhat.com/support/errata/RHSA-2008-0834.html
- http://www.securityfocus.com/bid/31300
- http://www.securitytracker.com/id?1020905=
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45305
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=458823
- http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp04/html-single/readme/index.html
- http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp02/html-single/readme/index.html
- http://www.redhat.com/support/errata/RHSA-2008-0831.html
- http://www.redhat.com/support/errata/RHSA-2008-0832.html
- http://www.redhat.com/support/errata/RHSA-2008-0833.html
- http://www.redhat.com/support/errata/RHSA-2008-0834.html
- http://www.securityfocus.com/bid/31300
- http://www.securitytracker.com/id?1020905=
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45305