# CVE-2008-3273
Published: 2008-08-10
Priority: P3 (41) · medium · CVSS 2.0: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Tags: EXPLOIT
EPSS: 47.11% (98.7th percentile)
JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string.
## Affected (12 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jboss | enterprise_application_platform | <= 4.2.0.cp03 | — |
| jboss | enterprise_application_platform | <= 4.3.0 | — |
| jboss | enterprise_application_platform | — | — |
| jboss | enterprise_application_platform | — | — |
| redhat | jboss_enterprise_application_platform | <= 4.2 | — |
| redhat | jboss_enterprise_application_platform | <= 4.3 | — |
| redhat | jboss_enterprise_application_platform | <= 4.2.0 | — |
| redhat | jboss_enterprise_application_platform | <= 4.3.0 | — |
| redhat | jboss_enterprise_application_platform | — | — |
| redhat | jboss_enterprise_application_platform | — | — |
| redhat | jboss_enterprise_application_platform | — | — |
| redhat | jboss_enterprise_application_platform | — | — |
## CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| vendor_redhat | — | 5.0 | MEDIUM | — |
## Related advisories

GHSA-x26p-67q3-4mfx (GHSA, unreviewed, 2022-05-02) for CVE-2010-1429 [MEDIUM], CVSS 5.0: Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4
Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.
GHSA-62gp-x3rq-2r53 (GHSA, unreviewed, 2022-05-02) for CVE-2008-3519 [MEDIUM], CVSS 5.0: The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform (aka JBossEAP or EAP), possibly 4
The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform (aka JBossEAP or EAP), possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote attackers to obtain sensitive information (non-EJB classes) via a download request, a different vulnerability than CVE-2008-3273.
GHSA-54mf-48cv-vq2x (GHSA, unreviewed, 2022-05-01) for CVE-2008-3273 [MEDIUM]: JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4
JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string.
Red Hat (vendor_redhat, 2010-04-26) for CVE-2010-1429 [MEDIUM], CVSS 5.0: JBossEAP status servlet info leak
Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.
Red Hat (vendor_redhat, 2008-09-22) for CVE-2008-3519 [MEDIUM], CVSS 5.0: JBossEAP allows download of non-EJB class files
The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform (aka JBossEAP or EAP), possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote attackers to obtain sensitive information (non-EJB classes) via a download request, a different vulnerability than CVE-2008-3273.
Red Hat (vendor_redhat, 2008-08-05) for CVE-2008-3273 [MEDIUM], CVSS 5.0: JBossEAP status servlet info leak
JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string.
## Detection and exploitation

No detection rules found.

Metasploit: JBoss Vulnerability Scanner
This module scans a JBoss instance for a few vulnerabilities.
Metasploit: JBoss Status Servlet Information Gathering
This module queries the JBoss status servlet to collect sensitive information, including URL paths, GET parameters and client IP addresses. This module has been tested against JBoss 4.0, 4.2.2 and 4.2.3.
Nuclei (CVSS 5.0) for CVE-2010-1429 [MEDIUM]: Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure
Red Hat JBoss Enterprise Application Platform 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 is susceptible to sensitive information disclosure. A remote attacker can obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.
Template (truncated on the source page):
```yaml
id: CVE-2010-1429
info:
  name: Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure
  author: R12W4N
  severity: medium
  description: |
    Red Hat JBoss Enterprise Application Platform 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 is susceptible to sensitive information disclosure. A remote attacker can obtain
```
HackerOne (hackerone, 2024-08-30, CVSS 5.0) for CVE-2010-1429 [MEDIUM]: CVE-2010-1429 JBoss Insecure Storage of Sensitive Information on ips.mtn.co.ug

## Summary:
Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. This issue exists because of a CVE-2008-3273 regression. By requesting the status param and setting its value to true, JBoss will print sensitive information such as memory used / total memory / client IP address.

## Proof of concept
1. Navigate to, intercept, or visit the host server at https://h30f.n1.ips.mtn.co.ug/status?full=true
2. You can see on the page that sensitive information has been exposed.
3. Below is the vulnerable code (truncated on the source page):
```java
#inc
```
Bugzilla (bugzilla, 2010-04-26, CVSS 5.0) for CVE-2010-1429 [MEDIUM]: CVE-2010-1429 JBossEAP status servlet info leak
The JBoss Enterprise Application Platform 4.2.0.CP03 and 4.3.0.CP01 updates for Red Hat Enterprise Linux 4 and 5 fixed an issue (CVE-2008-3273) where unauthenticated users were able to access the status servlet; however, a bug fix included in the 4.2.0.CP06 and 4.3.0.CP04 updates re-introduced the issue.
A remote attacker could use this flaw to acquire details about deployed web contexts.
Discussion:
This issue has been addressed in the following products:
JBEAP 4.2.0 for RHEL 4
Via RHSA-2010:0376 https://rhn.redhat.com/errata/RHSA-2010-0376.html
---
This issue has been addressed in the following products:
JBEAP 4.3.0 for RHEL 4
Via RHSA-2010:0377 https://rhn.redhat.com/errata/RHSA-2010-0377.html
---
This issue has been addressed in follo
Bugzilla (bugzilla, 2008-08-04, CVSS 5.0) for CVE-2008-3273 [MEDIUM]: CVE-2008-3273 JBossEAP status servlet info leak
The status servlet exposes details about the deployed servlets and makes it easier to identify the attack surface of an EAP installation.
* http://host:8080/status?full=true
## References
- http://marc.info/?l=bugtraq&m=132698550418872&w=2
- http://rhn.redhat.com/errata/RHSA-2008-0825.html
- http://rhn.redhat.com/errata/RHSA-2008-0826.html
- http://rhn.redhat.com/errata/RHSA-2008-0827.html
- http://rhn.redhat.com/errata/RHSA-2008-0828.html
- http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp03/html-single/readme/index.html
- http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp01/html-single/readme/
- http://www.securityfocus.com/bid/30540
- http://www.securitytracker.com/id?1020628
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=457757
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44235
- https://jira.jboss.org/jira/browse/JBPAPP-544