{ "threat_severity" : "Low", "public_date" : "2010-04-26T00:00:00Z", "bugzilla" : { "description" : "JBossEAP status servlet info leak", "id" : "585900", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=585900" }, "cvss" : { "cvss_base_score" : "5.0", "cvss_scoring_vector" : "AV:N/AC:L/Au:N/C:P/I:N/A:N", "status" : "verified" }, "details" : [ "Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about \"deployed web contexts\" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression." ], "affected_release" : [ { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0376", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0376", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0376", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0376", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "jacorb-0:2.3.0-1jpp.ep1.10.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0376", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0376", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0376", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0376", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0376", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "jboss-remoting-0:2.2.3-3.SP2.ep1.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0376", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "jboss-seam-0:1.2.1-1.ep1.24.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0376", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0376", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 4", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0376", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package" : "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.5.el4" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0378", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0378", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0378", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "jacorb-0:2.3.0-1jpp.ep1.10.1.el5" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0378", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0378", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "jbossas-0:4.2.0-6.GA_CP09.6.ep1.el5" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0378", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0378", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0378", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "jboss-seam-0:1.2.1-1.ep1.24.el5" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0378", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0378", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5" }, { "product_name" : "JBEAP 4.2.0 for RHEL 5", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0378", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package" : "rh-eap-docs-0:4.2.0-7.GA_CP09.ep1.4.1.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0377", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0377", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0377", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "hsqldb-1:1.8.0.8-3.patch03.1jpp.ep1.3.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0377", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "jacorb-0:2.3.0-1jpp.ep1.10.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0377", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "jakarta-commons-httpclient-1:3.0.1-1.patch01.1jpp.ep1.4.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0377", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "jboss-aop-0:1.5.5-3.CP05.2.ep1.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0377", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0377", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "jboss-cache-0:1.4.1-6.SP14.1.ep1.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0377", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0377", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "jboss-remoting-0:2.2.3-3.SP2.ep1.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0377", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0377", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "jboss-seam2-0:2.0.2.FP-1.ep1.23.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0377", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0377", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0377", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0377", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package" : "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.6.el4" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0379", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "hibernate3-1:3.2.4-1.SP1_CP10.0jpp.ep1.1.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0379", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "hibernate3-annotations-0:3.3.1-1.12.GA_CP03.ep1.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0379", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "jacorb-0:2.3.0-1jpp.ep1.10.1.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0379", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "jboss-aop-0:1.5.5-3.CP05.2.ep1.1.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0379", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "jbossas-0:4.3.0-7.GA_CP08.5.ep1.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0379", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "jboss-cache-0:1.4.1-6.SP14.1.ep1.1.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0379", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "jboss-messaging-0:1.4.0-3.SP3_CP10.2.ep1.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0379", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "jboss-remoting-0:2.2.3-3.SP2.ep1.1.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0379", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.20.el5.1" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0379", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "jboss-seam2-0:2.0.2.FP-1.ep1.23.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0379", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "jbossts-1:4.2.3-1.SP5_CP09.1jpp.ep1.1.1.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0379", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "jbossweb-0:2.0.0-6.CP13.0jpp.ep1.1.1.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0379", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "jbossws-0:2.0.1-5.SP2_CP08.1.ep1.1.el5" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date" : "2010-04-27T00:00:00Z", "advisory" : "RHSA-2010:0379", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package" : "rh-eap-docs-0:4.3.0-7.GA_CP08.ep1.5.el5" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2010-1429\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-1429" ], "name" : "CVE-2010-1429", "csaw" : false }