JBoss Enterprise Application Platform (aka JBossEAP or EAP) prior to 4.2.0.CP03, and 4.3.0 prior to 4.3.0.CP01, allows remote malicious users to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string.
Vulnerable Product |
---|
jboss enterprise application platform 4.2.0.cp01 |
jboss enterprise application platform 4.2.0.cp02 |
jboss enterprise application platform |