CVE-2008-3273 — Vulnetix

Try Vulnetix Request Demo

CVE-2008-3273 PUBLISHED CVSS 5 MEDIUM

JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string.

EPSS 41.40% · 97.4th percentile

Risk Scores

CVSS v2.0

5

EPSS Score

41.40%

97.4th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
jboss	enterprise_application_platform	0, 0, 4.2.0.cp01

Timeline

CVE Published
May 29, 2018 PoC Published
Feb 4, 2022 EPSS Score
Feb 3, 2023 EPSS Score
Feb 13, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Aug 30, 2024 PoC Published
Feb 6, 2025 PoC Published
Feb 23, 2025 PoC Published
Mar 17, 2025 EPSS Score
Mar 29, 2025 EPSS Score
Mar 30, 2025 EPSS Score

References

RHSA-2008:0828 vendor-advisory
RHSA-2008:0826 vendor-advisory
HPSBMU02736 vendor-advisory
http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp03/html-single/readme/index.html url
jbosseap-statusservlet-info-disclosure(44235) vdb
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=457757 url
http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp01/html-single/readme/ url
RHSA-2008:0827 vendor-advisory
https://jira.jboss.org/jira/browse/JBPAPP-544 url
RHSA-2008:0825 vendor-advisory
1020628 vdb
30540 vdb
https://nvd.nist.gov/vuln/detail/CVE-2008-3273 advisory
http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp01/html-single/readme url

Open in Interactive Console →