CVE-2008-3519

Impact: Low
Public Date: 2008-09-22
Bugzilla: 458823: CVE-2008-3519 JBossEAP allows download of non-EJB class files

The MITRE CVE dictionary describes this issue as:

The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform (aka JBossEAP or EAP), possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote attackers to obtain sensitive information (non-EJB classes) via a download request, a different vulnerability than CVE-2008-3273.

Find out more about CVE-2008-3519 from the MITRE CVE dictionary and NIST NVD.

Red Hat Security Errata

Platform | Errata | Release Date
Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS | RHSA-2008:0831 | 2008-09-22
Red Hat JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server | RHSA-2008:0832 | 2008-09-22
Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 5 Server | RHSA-2008:0834 | 2008-09-22
Red Hat JBoss Enterprise Application Platform 4.2.0 for RHEL 4 AS | RHSA-2008:0833 | 2008-09-22

CVE description copyright © 2017, The MITRE Corporation