| VID | 22365 |
| Severity | 30 |
| Port | 8083 |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The JBoss server is vulnerable to remote information disclosure. JBoss is a Java server for running J2EE enterprise applications. JBoss versions 3.2.7 and earlier, and 4.0.2 and earlier, are affected because of a flaw in the org.jboss.web.WebServer class. A remote attacker could send a specially crafted HTTP request to retrieve the physical path of the server installation or its security policy, or to guess its exact version number. |
| References | http://securitytracker.com/alerts/2005/Jul/1014370.html ; http://archives.neohapsis.com/archives/bugtraq/2005-07/0033.html ; http://www.illegalaccess.org/index.php |
| Platforms Affected | JBoss Group, JBoss 4.0.2 and earlier; JBoss Group, JBoss 3.2.7 and earlier; Any operating system Any version |
| Recommendation | Upgrade to the latest version of JBoss (3.2.8 or 4.0.3 or later), available from the JBoss Web site at http://www.jboss.org/products/jbpm |
| Related URL | CVE-2005-2158 (CVE) |
| Related URL | 13985 (SecurityFocus) |
| Related URL | 21264 (ISS) |