VDB
CVE-2008-3519
CVE-2008-3519
PUBLISHED
CVSS 4.300000190734863 MEDIUM
The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform (aka JBossEAP or EAP), possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote attackers to obtain sensitive information (non-EJB classes) via a download request, a different vulnerability than CVE-2008-3273.
EPSS 0.71% · 72.5th percentile
Risk Scores
CVSS 2.0
4.300000190734863
EPSS Score
0.71%
72.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| redhat | jboss_enterprise_application_platform | 4.2, 0, 0 |
| n/a | n/a | n/a |
Exploit Intelligence
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=458823 (circl)
- http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp02/html-single/readme/index.html (circl)
- http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp04/html-single/readme/index.html (circl)
- RHSA-2008:0832 (circl)
- RHSA-2008:0833 (circl)
- RHSA-2008:0831 (circl)
- RHSA-2008:0834 (circl)
- 31300 (circl)
- jboss-downloadserverclasses-info-disclosure(45305) (circl)
- 1020905 (circl)
Timeline
- Sep 23, 2008 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 3, 2023 EPSS Score
- Feb 9, 2023 EPSS Score
- Feb 13, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
References
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=458823 url
- http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp02/html-single/readme/index.html url
- http://www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp04/html-single/readme/index.html url
- RHSA-2008:0832 vendor-advisory
- RHSA-2008:0833 vendor-advisory
- RHSA-2008:0831 vendor-advisory
- RHSA-2008:0834 vendor-advisory
- 31300 vdb
- jboss-downloadserverclasses-info-disclosure(45305) vdb
- 1020905 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2008-3519 advisory