4.3

CVE-2008-3519

EPSS 0.71%
Veröffentlicht 23.09.2008 15:24:43
Zuletzt bearbeitet 09.04.2025 00:30:58
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform (aka JBossEAP or EAP), possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote attackers to obtain sensitive information (non-EJB classes) via a download request, a different vulnerability than CVE-2008-3273.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redhat ≫ Jboss Enterprise Application Platform Updatecp03 Version <= 4.2

Redhat ≫ Jboss Enterprise Application Platform Updatecp01 Version <= 4.3

Redhat ≫ Jboss Enterprise Application Platform Version4.2

Redhat ≫ Jboss Enterprise Application Platform Version4.2 Updatecp01

Redhat ≫ Jboss Enterprise Application Platform Version4.2 Updatecp02

Redhat ≫ Jboss Enterprise Application Platform Version4.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.71%	0.697

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

http://www.redhat.com/support/errata/RHSA-2008-0831.html

http://www.redhat.com/support/errata/RHSA-2008-0832.html

http://www.redhat.com/support/errata/RHSA-2008-0833.html

http://www.redhat.com/support/errata/RHSA-2008-0834.html

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=458823

http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp04/html-single/readme/index.html

Patch

http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp02/html-single/readme/index.html

Patch

http://www.securityfocus.com/bid/31300

http://www.securitytracker.com/id?1020905

https://exchange.xforce.ibmcloud.com/vulnerabilities/45305

https://nvd.nist.gov/vuln/detail/CVE-2008-3519

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2008-3519

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2008-3519

EUVD