CVE-2009-0027

The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read arbitrary XML files via a crafted request.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://rhn.redhat.com/errata/RHSA-2009-0346.html	Patch
http://rhn.redhat.com/errata/RHSA-2009-0347.html	Patch
http://rhn.redhat.com/errata/RHSA-2009-0348.html	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2009-0349.html	Patch Vendor Advisory
http://secunia.com/advisories/34112
http://www.securityfocus.com/bid/34023
http://www.securitytracker.com/id?1021817
https://bugzilla.redhat.com/show_bug.cgi?id=479668
https://jira.jboss.org/jira/browse/JBPAPP-1548
http://rhn.redhat.com/errata/RHSA-2009-0346.html	Patch
http://rhn.redhat.com/errata/RHSA-2009-0347.html	Patch
http://rhn.redhat.com/errata/RHSA-2009-0348.html	Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2009-0349.html	Patch Vendor Advisory
http://secunia.com/advisories/34112
http://www.securityfocus.com/bid/34023
http://www.securitytracker.com/id?1021817
https://bugzilla.redhat.com/show_bug.cgi?id=479668
https://jira.jboss.org/jira/browse/JBPAPP-1548

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp01::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp02::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp03::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp04::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp05::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp06::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp01::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp02::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp03::::::
	cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp04::::::

History

21 Nov 2024, 00:58

Type	Values Removed	Values Added
References	~~() http://rhn.redhat.com/errata/RHSA-2009-0346.html - Patch~~	() http://rhn.redhat.com/errata/RHSA-2009-0346.html - Patch
References	~~() http://rhn.redhat.com/errata/RHSA-2009-0347.html - Patch~~	() http://rhn.redhat.com/errata/RHSA-2009-0347.html - Patch
References	~~() http://rhn.redhat.com/errata/RHSA-2009-0348.html - Vendor Advisory~~	() http://rhn.redhat.com/errata/RHSA-2009-0348.html - Vendor Advisory
References	~~() http://rhn.redhat.com/errata/RHSA-2009-0349.html - Patch, Vendor Advisory~~	() http://rhn.redhat.com/errata/RHSA-2009-0349.html - Patch, Vendor Advisory
References	~~() http://secunia.com/advisories/34112 -~~	() http://secunia.com/advisories/34112 -
References	~~() http://www.securityfocus.com/bid/34023 -~~	() http://www.securityfocus.com/bid/34023 -
References	~~() http://www.securitytracker.com/id?1021817 -~~	() http://www.securitytracker.com/id?1021817 -
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=479668 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=479668 -
References	~~() https://jira.jboss.org/jira/browse/JBPAPP-1548 -~~	() https://jira.jboss.org/jira/browse/JBPAPP-1548 -

Information

Published : 2009-03-09 21:30

Updated : 2025-04-09 00:30

NVD link : CVE-2009-0027

Mitre link : CVE-2009-0027

CVE.ORG link : CVE-2009-0027

JSON object : View

Products Affected

redhat

jboss_enterprise_application_platform

CWE

CWE-20

Improper Input Validation

{"id": "CVE-2009-0027", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-03-09T21:30:00.170", "references": [{"url": "http://rhn.redhat.com/errata/RHSA-2009-0346.html", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2009-0347.html", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2009-0348.html", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2009-0349.html", "tags": ["Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/34112", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/34023", "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id?1021817", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=479668", "source": "secalert@redhat.com"}, {"url": "https://jira.jboss.org/jira/browse/JBPAPP-1548", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2009-0346.html", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2009-0347.html", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2009-0348.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2009-0349.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/34112", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/34023", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1021817", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=479668", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://jira.jboss.org/jira/browse/JBPAPP-1548", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read arbitrary XML files via a crafted request."}, {"lang": "es", "value": "El manejador de solicitudes de JBossWS en JBoss Enterprise Application Platform (alias JBoss o JBEAP PEA) 4.2 antes de 4.2.0.CP06 y 4.3 antes de 4.3.0.CP04 no valida la ruta durante una petici\u00f3n de un archivo WSDL con un punto final del web-service propio, lo que permite a atacantes remotos leer archivos XML arbitrarios a trav\u00e9s de una solicitud debidamente modificada."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp01:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "599FBAC3-2E83-443B-AACB-99BBA896CB19"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp02:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43590B58-A1C7-4105-A00F-6C4F46A6CC5B"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp03:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A44F907E-AE57-4213-B001-A23319B72CF8"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp04:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "243ED156-851C-4897-AF59-86FCA5C9C66F"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp05:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "125BF8B0-AF1B-4FB1-9D41-D9FB30AE23FC"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp06:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3E7C299-8A2D-4733-98AC-F6FA37CC1C6C"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp01:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B3E4026-F98E-4AEB-9FE1-4FFBBF44AC55"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp02:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "960A513A-CAFC-4B3D-ABD7-4659CF545C73"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp03:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2D8DC6D-5E39-4A53-8BB8-F998706D573F"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp04:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3AA2D64E-D7E7-400D-AC7E-CB2045750791"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}

5.0 /10