>> Redhat Security Update Fixes JBoss EAP Information Disclosure Issues
Title : Redhat Security Update Fixes JBoss EAP Information Disclosure Issues VUPEN ID : VUPEN/ADV-2008-2304 CVE ID : CVE-2008-1285 - CVE-2008-3273
Rated as : Moderate Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2008-08-06
Technical Description
Two vulnerabilities have been identified in JBoss Enterprise Application Platform, which could be exploited by attackers to gain knowledge of sensitive information.
The first issue is caused by an error where unauthenticated users are able to access the status servlet, which could allow remote attackers to acquire details about deployed web contexts.
The second vulnerability is caused by an error in the JavaServer Faces (JSF) component. This issue is related to : VUPEN/ADV-2008-0808
Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback If you have additional information or corrections for this security advisory please submit them via our contact form.
