CVE-2009-0027

The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read arbitrary XML files via a crafted request.

Published: Mar 9, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-0027
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
redhat / jboss_enterprise_application_platform	4.2.0-cp01	4.2.0-cp01.x
redhat / jboss_enterprise_application_platform	4.2.0-cp06	4.2.0-cp06.x
redhat / jboss_enterprise_application_platform	4.3.0-cp01	4.3.0-cp01.x
redhat / jboss_enterprise_application_platform	4.2.0-cp05	4.2.0-cp05.x
redhat / jboss_enterprise_application_platform	4.2.0-cp04	4.2.0-cp04.x
redhat / jboss_enterprise_application_platform	4.3.0-cp04	4.3.0-cp04.x
redhat / jboss_enterprise_application_platform	4.2.0-cp03	4.2.0-cp03.x
redhat / jboss_enterprise_application_platform	4.3.0-cp03	4.3.0-cp03.x
redhat / jboss_enterprise_application_platform	4.3.0-cp02	4.3.0-cp02.x
redhat / jboss_enterprise_application_platform	4.2.0-cp02	4.2.0-cp02.x

Vulnerability Database

289,599

CVE-2009-0027