In association with heise online

10 March 2009, 11:41

JBoss vulnerability closed

According to a report from Red Hat, a vulnerability in JBoss Web Services (WS) in the JBoss Enterprise Application Platform (EAP) that could allow access to confidential data has now been closed. The problem was caused by a request handler that did not properly validate the resource path during a request for a WSDL file. The flaw allowed a remote attacker to read arbitrary XML views via a specially crafted request.

Affected versions include JBoss EAP before 4.2.0CP06 and 4.3.0.CP4. Red Hat has provided updated packages that fix the vulnerability. Red Hat is warning users to back up the JBoss EAP server/[configuration]/deploy/ directory and any other customised configuration files before applying the update.
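The report does not show the handler's code, so the following is an added illustration of the general bug class (a requested resource name joined to a base directory without validation) next to a hardened form; it is not JBoss or Red Hat code. The class name, method names and directory layout are constructed for the example.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class WsdlPathCheck {

    // Unsafe pattern: the requested name is joined to the base directory as-is,
    // so relative segments or an absolute path can point outside it.
    static Path resolveUnchecked(Path wsdlDir, String resource) {
        return wsdlDir.resolve(resource);
    }

    // Hardened pattern: normalize the joined path, then require that the
    // result still lies under the directory WSDL files are served from.
    static Path resolveChecked(Path wsdlDir, String resource) {
        Path base = wsdlDir.toAbsolutePath().normalize();
        Path target = base.resolve(resource).normalize();
        if (!target.startsWith(base)) {
            throw new SecurityException("resource path escapes WSDL directory: " + resource);
        }
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Constructed layout: <tmp>/wsdl/service.wsdl and <tmp>/private/settings.xml
        Path root = Files.createTempDirectory("wsdl-demo");
        Path wsdlDir = Files.createDirectories(root.resolve("wsdl"));
        Files.writeString(wsdlDir.resolve("service.wsdl"), "<definitions/>");
        Path priv = Files.createDirectories(root.resolve("private"));
        Files.writeString(priv.resolve("settings.xml"), "<secret/>");

        // Constructed request values: two legitimate names, one that leaves the base.
        String[] requests = { "service.wsdl", "./service.wsdl", "../private/settings.xml" };
        for (String r : requests) {
            Path unchecked = resolveUnchecked(wsdlDir, r);
            System.out.println(r + " -> unchecked, readable: " + Files.isReadable(unchecked));
            try {
                System.out.println(r + " -> checked: " + resolveChecked(wsdlDir, r));
            } catch (SecurityException e) {
                System.out.println(r + " -> rejected: " + e.getMessage());
            }
        }
    }
}
```

The check above is lexical only; where the served directory may contain symbolic links, compare `toRealPath()` results instead.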
