{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-09-22T00:00:00", "descriptions": [{"lang": "en", "value": "The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform (aka JBossEAP or EAP), possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote attackers to obtain sensitive information (non-EJB classes) via a download request, a different vulnerability than CVE-2008-3273."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=458823"}, {"tags": ["x_refsource_MISC"], "url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp02/html-single/readme/index.html"}, {"tags": ["x_refsource_MISC"], "url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp04/html-single/readme/index.html"}, {"name": "RHSA-2008:0832", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0832.html"}, {"name": "RHSA-2008:0833", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0833.html"}, {"name": "RHSA-2008:0831", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0831.html"}, {"name": "RHSA-2008:0834", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0834.html"}, {"name": "31300", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31300"}, {"name": "jboss-downloadserverclasses-info-disclosure(45305)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45305"}, {"name": "1020905", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1020905"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T09:45:17.958Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=458823"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp02/html-single/readme/index.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp04/html-single/readme/index.html"}, {"name": "RHSA-2008:0832", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0832.html"}, {"name": "RHSA-2008:0833", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0833.html"}, {"name": "RHSA-2008:0831", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0831.html"}, {"name": "RHSA-2008:0834", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0834.html"}, {"name": "31300", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/31300"}, {"name": "jboss-downloadserverclasses-info-disclosure(45305)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45305"}, {"name": "1020905", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1020905"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-3519", "datePublished": "2008-09-23T14:00:00", "dateReserved": "2008-08-07T00:00:00", "dateUpdated": "2024-08-07T09:45:17.958Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:cp03:*:*:*:*:*:*", "matchCriteriaId": "E07A48EA-306D-470E-9F39-197A36230CD4", "versionEndIncluding": "4.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:cp01:*:*:*:*:*:*", "matchCriteriaId": "BF832DC9-B4C9-40AE-BF4D-67B05765D6D0", "versionEndIncluding": "4.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9830D64-C46F-4423-BE0B-0B1FDB765D62", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp01:*:*:*:*:*:*", "matchCriteriaId": "E715EAF0-DAE9-4FD5-996E-18E61C9CC703", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp02:*:*:*:*:*:*", "matchCriteriaId": "4E6C7D0B-DBC0-4414-9C40-713E01146FA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3:*:*:*:*:*:*:*", "matchCriteriaId": "D4816097-6982-4FBA-BD34-3D24BCA5A56A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform (aka JBossEAP or EAP), possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote attackers to obtain sensitive information (non-EJB classes) via a download request, a different vulnerability than CVE-2008-3273."}, {"lang": "es", "value": "La configuraci\u00f3n por defecto del componente JBossAs en Red Hat JBoss Enterprise Application Platform (tambi\u00e9n conocido como JBossEAP o EAP), posiblemente v4.2 anterior a CP04 y v4.3 anterior a CP02, cuando el entorno de producci\u00f3n est\u00e1 activado, establece la propiedad \"DownloadServerClasses\" a \"true\", lo que permite a atacantes remotos obtener informaci\u00f3n sensible (clases no-EJB) a trav\u00e9s de una petici\u00f3n de descarga. Un a vulnerabilidad distinta de CVE-2008-3273."}], "id": "CVE-2008-3519", "lastModified": "2017-08-08T01:31:56.873", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-09-23T15:24:43.313", "references": [{"source": "secalert@redhat.com", "url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=458823"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp04/html-single/readme/index.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp02/html-single/readme/index.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-0831.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-0832.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-0833.html"}, {"source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2008-0834.html"}, {"source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/31300"}, {"source": "secalert@redhat.com", "url": "http://www.securitytracker.com/id?1020905"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45305"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-16"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2008:0833", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "glassfish-javamail-0:1.4.0-0jpp.ep1.10.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0833", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-1:3.2.4-1.SP1_CP04.0jpp.ep1.3.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0833", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-annotations-0:3.2.1-4.GA_CP02.1jpp.ep1.7.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0833", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "hibernate3-validator-0:0.0.0-1.1jpp.ep1.1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0833", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-aop-0:1.5.5-2.CP02.0jpp.ep1.2.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0833", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jbossas-0:4.2.0-3.GA_CP04.ep1.8.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0833", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-remoting-0:2.2.2-3.SP9.0jpp.ep1.1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0833", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jboss-seam-0:1.2.1-1.ep1.10.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0833", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jbossts-1:4.2.3-1.SP5_CP02.1jpp.ep1.1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0833", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "jbossweb-0:2.0.0-4.CP06.0jpp.ep1.1.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0833", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4", "package": "rh-eap-docs-0:4.2.0-4.GA_CP04.ep1.5.el4", "product_name": "JBEAP 4.2.0 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0834", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "hibernate3-1:3.2.4-1.SP1_CP04.0jpp.ep1.3.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0834", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "hibernate3-annotations-0:3.2.1-4.GA_CP02.1jpp.ep1.7.el5.1", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0834", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-aop-0:1.5.5-2.CP02.0jpp.ep1.2.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0834", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jbossas-0:4.2.0-4.GA_CP04.ep1.7.el5.6", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0834", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-remoting-0:2.2.2-3.SP9.0jpp.ep1.2.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0834", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jboss-seam-0:1.2.1-1.ep1.9.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0834", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jbossts-1:4.2.3-1.SP5_CP02.1jpp.ep1.2.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0834", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "jbossweb-0:2.0.0-4.CP06.0jpp.ep1.1.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0834", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5", "package": "rh-eap-docs-0:4.2.0-4.GA_CP04.ep1.3.el5", "product_name": "JBEAP 4.2.0 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0831", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "glassfish-javamail-0:1.4.0-0jpp.ep1.10.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0831", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "glassfish-jaxb-0:2.1.4-1jpp.ep1.2.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0831", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "glassfish-jaxws-0:2.1.1-1jpp.ep1.3.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0831", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hibernate3-1:3.2.4-1.SP1_CP04.0jpp.ep1.3.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0831", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hibernate3-annotations-0:3.2.1-4.GA_CP02.1jpp.ep1.7.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0831", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "hibernate3-validator-0:0.0.0-1.1jpp.ep1.1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0831", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "javassist-0:3.8.0-1.ep1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0831", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-aop-0:1.5.5-2.CP02.0jpp.ep1.2.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0831", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossas-0:4.3.0-2.GA_CP02.ep1.10.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0831", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-messaging-0:1.4.0-1.SP3_CP03.0jpp.ep1.3.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0831", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-remoting-0:2.2.2-3.SP9.0jpp.ep1.1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0831", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.10.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0831", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossts-1:4.2.3-1.SP5_CP02.1jpp.ep1.1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0831", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossweb-0:2.0.0-4.CP06.0jpp.ep1.1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0831", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossws-0:2.0.1-2.SP2_CP03.0jpp.ep1.1.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0831", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossws-common-0:1.0.0-1.GA_CP01.0jpp.ep1.3.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0831", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "jbossws-framework-0:2.0.1-0jpp.ep1.11.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0831", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4", "package": "rh-eap-docs-0:4.3.0-3.GA_CP02.ep1.9.el4", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "glassfish-jaf-0:1.1.0-0jpp.ep1.12.el5.1", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "glassfish-javamail-0:1.4.0-0jpp.ep1.10.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "glassfish-jaxb-0:2.1.4-1jpp.ep1.4.el5.2", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "glassfish-jaxws-0:2.1.1-1jpp.ep1.3.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "glassfish-jstl-0:1.2.0-0jpp.ep1.10.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-1:3.2.4-1.SP1_CP04.0jpp.ep1.3.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-annotations-0:3.2.1-4.GA_CP02.1jpp.ep1.7.el5.1", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-commons-annotations-0:0.0.0-1.1jpp.ep1.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-entitymanager-0:3.2.1-2.GA_CP03.1jpp.ep1.9.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "hibernate3-validator-0:0.0.0-1.1jpp.ep1.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "javassist-0:3.8.0-1jpp.ep1.2.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-aop-0:1.5.5-2.CP02.0jpp.ep1.2.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossas-0:4.3.0-2.GA_CP02.ep1.10.el5.2", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-jaxr-0:1.2.0-SP1.0jpp.ep1.4.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-messaging-0:1.4.0-1.SP3_CP03.0jpp.ep1.3.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-remoting-0:2.2.2-3.SP9.0jpp.ep1.2.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.7.el5.1", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossts-1:4.2.3-1.SP5_CP02.1jpp.ep1.2.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossweb-0:2.0.0-4.CP06.0jpp.ep1.1.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossws-0:2.0.1-2.SP2_CP03.0jpp.ep1.1.el5.1", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossws-common-0:1.0.0-1.GA_CP01.0jpp.ep1.3.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossws-framework-0:2.0.1-0jpp.ep1.11.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "jbossxb-0:1.0.0-2.SP3.0jpp.ep1.3.el5.1", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}, {"advisory": "RHSA-2008:0832", "cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5", "package": "rh-eap-docs-0:4.3.0-2.GA_CP02.ep1.6.el5", "product_name": "Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5", "release_date": "2008-09-22T00:00:00Z"}], "bugzilla": {"description": "JBossEAP allows download of non-EJB class files", "id": "458823", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=458823"}, "csaw": false, "details": ["The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform (aka JBossEAP or EAP), possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote attackers to obtain sensitive information (non-EJB classes) via a download request, a different vulnerability than CVE-2008-3273."], "name": "CVE-2008-3519", "public_date": "2008-09-22T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2008-3519\nhttps://nvd.nist.gov/vuln/detail/CVE-2008-3519"], "threat_severity": "Low"}