OpenCVE

The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform (aka JBossEAP or EAP), possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote attackers to obtain sensitive information (non-EJB classes) via a download request, a different vulnerability than CVE-2008-3273.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Jboss Enterprise Application Platform

Configuration 1 [-]

OR	cpe:2.3:a:redhat:jboss_enterprise_application_platform::cp03::::::*
	cpe:2.3:a:redhat:jboss_enterprise_application_platform::cp01::::::*
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:::::::*
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp01::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp02::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3:::::::*

Package	CPE	Advisory	Released Date
JBEAP 4.2.0 for RHEL 4
glassfish-javamail-0:1.4.0-0jpp.ep1.10.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0833	2008-09-22T00:00:00Z
hibernate3-1:3.2.4-1.SP1_CP04.0jpp.ep1.3.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0833	2008-09-22T00:00:00Z
hibernate3-annotations-0:3.2.1-4.GA_CP02.1jpp.ep1.7.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0833	2008-09-22T00:00:00Z
hibernate3-validator-0:0.0.0-1.1jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0833	2008-09-22T00:00:00Z
jboss-aop-0:1.5.5-2.CP02.0jpp.ep1.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0833	2008-09-22T00:00:00Z
jbossas-0:4.2.0-3.GA_CP04.ep1.8.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0833	2008-09-22T00:00:00Z
jboss-remoting-0:2.2.2-3.SP9.0jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0833	2008-09-22T00:00:00Z
jboss-seam-0:1.2.1-1.ep1.10.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0833	2008-09-22T00:00:00Z
jbossts-1:4.2.3-1.SP5_CP02.1jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0833	2008-09-22T00:00:00Z
jbossweb-0:2.0.0-4.CP06.0jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0833	2008-09-22T00:00:00Z
rh-eap-docs-0:4.2.0-4.GA_CP04.ep1.5.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el4	RHSA-2008:0833	2008-09-22T00:00:00Z
JBEAP 4.2.0 for RHEL 5
hibernate3-1:3.2.4-1.SP1_CP04.0jpp.ep1.3.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0834	2008-09-22T00:00:00Z
hibernate3-annotations-0:3.2.1-4.GA_CP02.1jpp.ep1.7.el5.1	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0834	2008-09-22T00:00:00Z
jboss-aop-0:1.5.5-2.CP02.0jpp.ep1.2.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0834	2008-09-22T00:00:00Z
jbossas-0:4.2.0-4.GA_CP04.ep1.7.el5.6	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0834	2008-09-22T00:00:00Z
jboss-remoting-0:2.2.2-3.SP9.0jpp.ep1.2.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0834	2008-09-22T00:00:00Z
jboss-seam-0:1.2.1-1.ep1.9.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0834	2008-09-22T00:00:00Z
jbossts-1:4.2.3-1.SP5_CP02.1jpp.ep1.2.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0834	2008-09-22T00:00:00Z
jbossweb-0:2.0.0-4.CP06.0jpp.ep1.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0834	2008-09-22T00:00:00Z
rh-eap-docs-0:4.2.0-4.GA_CP04.ep1.3.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0::el5	RHSA-2008:0834	2008-09-22T00:00:00Z
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 4
glassfish-javamail-0:1.4.0-0jpp.ep1.10.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2008:0831	2008-09-22T00:00:00Z
glassfish-jaxb-0:2.1.4-1jpp.ep1.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2008:0831	2008-09-22T00:00:00Z
glassfish-jaxws-0:2.1.1-1jpp.ep1.3.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2008:0831	2008-09-22T00:00:00Z
hibernate3-1:3.2.4-1.SP1_CP04.0jpp.ep1.3.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2008:0831	2008-09-22T00:00:00Z
hibernate3-annotations-0:3.2.1-4.GA_CP02.1jpp.ep1.7.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2008:0831	2008-09-22T00:00:00Z
hibernate3-validator-0:0.0.0-1.1jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2008:0831	2008-09-22T00:00:00Z
javassist-0:3.8.0-1.ep1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2008:0831	2008-09-22T00:00:00Z
jboss-aop-0:1.5.5-2.CP02.0jpp.ep1.2.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2008:0831	2008-09-22T00:00:00Z
jbossas-0:4.3.0-2.GA_CP02.ep1.10.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2008:0831	2008-09-22T00:00:00Z
jboss-messaging-0:1.4.0-1.SP3_CP03.0jpp.ep1.3.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2008:0831	2008-09-22T00:00:00Z
jboss-remoting-0:2.2.2-3.SP9.0jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2008:0831	2008-09-22T00:00:00Z
jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.10.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2008:0831	2008-09-22T00:00:00Z
jbossts-1:4.2.3-1.SP5_CP02.1jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2008:0831	2008-09-22T00:00:00Z
jbossweb-0:2.0.0-4.CP06.0jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2008:0831	2008-09-22T00:00:00Z
jbossws-0:2.0.1-2.SP2_CP03.0jpp.ep1.1.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2008:0831	2008-09-22T00:00:00Z
jbossws-common-0:1.0.0-1.GA_CP01.0jpp.ep1.3.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2008:0831	2008-09-22T00:00:00Z
jbossws-framework-0:2.0.1-0jpp.ep1.11.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2008:0831	2008-09-22T00:00:00Z
rh-eap-docs-0:4.3.0-3.GA_CP02.ep1.9.el4	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el4	RHSA-2008:0831	2008-09-22T00:00:00Z
Red Hat JBoss Enterprise Application Platform 4.3 for RHEL 5
glassfish-jaf-0:1.1.0-0jpp.ep1.12.el5.1	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
glassfish-javamail-0:1.4.0-0jpp.ep1.10.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
glassfish-jaxb-0:2.1.4-1jpp.ep1.4.el5.2	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
glassfish-jaxws-0:2.1.1-1jpp.ep1.3.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
glassfish-jstl-0:1.2.0-0jpp.ep1.10.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
hibernate3-1:3.2.4-1.SP1_CP04.0jpp.ep1.3.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
hibernate3-annotations-0:3.2.1-4.GA_CP02.1jpp.ep1.7.el5.1	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
hibernate3-commons-annotations-0:0.0.0-1.1jpp.ep1.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
hibernate3-entitymanager-0:3.2.1-2.GA_CP03.1jpp.ep1.9.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
hibernate3-validator-0:0.0.0-1.1jpp.ep1.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
javassist-0:3.8.0-1jpp.ep1.2.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
jboss-aop-0:1.5.5-2.CP02.0jpp.ep1.2.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
jbossas-0:4.3.0-2.GA_CP02.ep1.10.el5.2	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
jboss-jaxr-0:1.2.0-SP1.0jpp.ep1.4.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
jboss-messaging-0:1.4.0-1.SP3_CP03.0jpp.ep1.3.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
jboss-remoting-0:2.2.2-3.SP9.0jpp.ep1.2.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
jboss-seam-0:1.2.1-3.JBPAPP_4_3_0_GA.ep1.7.el5.1	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
jbossts-1:4.2.3-1.SP5_CP02.1jpp.ep1.2.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
jbossweb-0:2.0.0-4.CP06.0jpp.ep1.1.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
jbossws-0:2.0.1-2.SP2_CP03.0jpp.ep1.1.el5.1	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
jbossws-common-0:1.0.0-1.GA_CP01.0jpp.ep1.3.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
jbossws-framework-0:2.0.1-0jpp.ep1.11.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
jbossxb-0:1.0.0-2.SP3.0jpp.ep1.3.el5.1	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z
rh-eap-docs-0:4.3.0-2.GA_CP02.ep1.6.el5	cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0::el5	RHSA-2008:0832	2008-09-22T00:00:00Z

References

Link	Providers
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=458823
http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp04/html-single/readme/index.html
http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp02/html-single/readme/index.html
http://www.redhat.com/support/errata/RHSA-2008-0831.html
http://www.redhat.com/support/errata/RHSA-2008-0832.html
http://www.redhat.com/support/errata/RHSA-2008-0833.html
http://www.redhat.com/support/errata/RHSA-2008-0834.html
http://www.securityfocus.com/bid/31300
http://www.securitytracker.com/id?1020905
https://exchange.xforce.ibmcloud.com/vulnerabilities/45305
https://nvd.nist.gov/vuln/detail/CVE-2008-3519
https://www.cve.org/CVERecord?id=CVE-2008-3519

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2008-09-23T14:00:00

Updated: 2024-08-07T09:45:17.958Z

Reserved: 2008-08-07T00:00:00

Link: CVE-2008-3519

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-09-23T15:24:43.313

Modified: 2024-11-21T00:49:26.893

Link: CVE-2008-3519

Redhat

Severity : Low

Publid Date: 2008-09-22T00:00:00Z

Links: CVE-2008-3519 - Bugzilla

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object