FKIE_CVE-2009-0027

Vulnerability from fkie_nvd - Published: 2009-03-09 21:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read arbitrary XML files via a crafted request.
References
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2009-0346.htmlPatch
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2009-0347.htmlPatch
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2009-0348.htmlVendor Advisory
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2009-0349.htmlPatch, Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/34112
secalert@redhat.comhttp://www.securityfocus.com/bid/34023
secalert@redhat.comhttp://www.securitytracker.com/id?1021817
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=479668
secalert@redhat.comhttps://jira.jboss.org/jira/browse/JBPAPP-1548
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2009-0346.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2009-0347.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2009-0348.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2009-0349.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/34112
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/34023
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1021817
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=479668
af854a3a-2127-422b-91ae-364da2661108https://jira.jboss.org/jira/browse/JBPAPP-1548
Impacted products
Vendor Product Version
redhat jboss_enterprise_application_platform 4.2.0
redhat jboss_enterprise_application_platform 4.2.0
redhat jboss_enterprise_application_platform 4.2.0
redhat jboss_enterprise_application_platform 4.2.0
redhat jboss_enterprise_application_platform 4.2.0
redhat jboss_enterprise_application_platform 4.2.0
redhat jboss_enterprise_application_platform 4.3.0
redhat jboss_enterprise_application_platform 4.3.0
redhat jboss_enterprise_application_platform 4.3.0
redhat jboss_enterprise_application_platform 4.3.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp01:*:*:*:*:*:*",
              "matchCriteriaId": "599FBAC3-2E83-443B-AACB-99BBA896CB19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp02:*:*:*:*:*:*",
              "matchCriteriaId": "43590B58-A1C7-4105-A00F-6C4F46A6CC5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp03:*:*:*:*:*:*",
              "matchCriteriaId": "A44F907E-AE57-4213-B001-A23319B72CF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp04:*:*:*:*:*:*",
              "matchCriteriaId": "243ED156-851C-4897-AF59-86FCA5C9C66F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp05:*:*:*:*:*:*",
              "matchCriteriaId": "125BF8B0-AF1B-4FB1-9D41-D9FB30AE23FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp06:*:*:*:*:*:*",
              "matchCriteriaId": "A3E7C299-8A2D-4733-98AC-F6FA37CC1C6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp01:*:*:*:*:*:*",
              "matchCriteriaId": "2B3E4026-F98E-4AEB-9FE1-4FFBBF44AC55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp02:*:*:*:*:*:*",
              "matchCriteriaId": "960A513A-CAFC-4B3D-ABD7-4659CF545C73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp03:*:*:*:*:*:*",
              "matchCriteriaId": "C2D8DC6D-5E39-4A53-8BB8-F998706D573F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp04:*:*:*:*:*:*",
              "matchCriteriaId": "3AA2D64E-D7E7-400D-AC7E-CB2045750791",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read arbitrary XML files via a crafted request."
    },
    {
      "lang": "es",
      "value": "El manejador de solicitudes de JBossWS en JBoss Enterprise Application Platform (alias JBoss o JBEAP PEA) 4.2 antes de 4.2.0.CP06 y 4.3 antes de 4.3.0.CP04 no valida la ruta durante una petici\u00f3n de un archivo WSDL con un punto final del web-service propio, lo que permite a atacantes remotos leer archivos XML arbitrarios a trav\u00e9s de una solicitud debidamente modificada."
    }
  ],
  "id": "CVE-2009-0027",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-03-09T21:30:00.170",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2009-0346.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2009-0347.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2009-0348.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2009-0349.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/34112"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/34023"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1021817"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=479668"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://jira.jboss.org/jira/browse/JBPAPP-1548"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2009-0346.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2009-0347.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2009-0348.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2009-0349.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/34112"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/34023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1021817"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=479668"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://jira.jboss.org/jira/browse/JBPAPP-1548"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.