Vulnerability CVE-2009-0027 - CERT Civis.Net

Vulnerability Name:

CVE-2009-0027 (CCN-49144)

Assigned:

2008-12-15

Published:

2009-03-06

Updated:

2009-03-21

Summary:

The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read arbitrary XML files via a crafted request.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2009-0027

Source: CCN
Type: RHSA-2009-0346
Moderate: JBoss Enterprise Application Platform 4.2.0CP06 update

Source: REDHAT
Type: Patch
RHSA-2009:0346

Source: CCN
Type: RHSA-2009-0347
Moderate: JBoss Enterprise Application Platform 4.3.0CP04 update

Source: REDHAT
Type: Patch
RHSA-2009:0347

Source: CCN
Type: RHSA-2009-0348
Moderate: JBoss Enterprise Application Platform 4.2.0CP06 update

Source: REDHAT
Type: Vendor Advisory
RHSA-2009:0348

Source: CCN
Type: RHSA-2009-0349
Moderate: JBoss Enterprise Application Platform 4.3.0CP04 update

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2009:0349

Source: CCN
Type: SA34112
JBoss Web Services XML File Disclosure Vulnerability

Source: SECUNIA
Type: UNKNOWN
34112

Source: CCN
Type: SECTRACK ID: 1021817
JBoss Enterprise Application Platform Discloses XML Files to Remote Users

Source: CCN
Type: JBoss Web site
JBossWS

Source: CCN
Type: OSVDB ID: 56358
JBoss Enterprise Application Platform Web Services Crafted Request Arbitrary XML File Disclosure

Source: BID
Type: UNKNOWN
34023

Source: CCN
Type: BID-34023
JBoss Enterprise Application Platform Arbitrary XML File Information Disclosure Vulnerability

Source: SECTRACK
Type: UNKNOWN
1021817

Source: CCN
Type: Red Hat Bugzilla - Bug 479668
CVE-2009-0027 JBoss EAP unprivileged local xml file access

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=479668

Source: XF
Type: UNKNOWN
jboss-wsdl-information-disclosure(49144)

Source: CONFIRM
Type: UNKNOWN
https://jira.jboss.org/jira/browse/JBPAPP-1548

Vulnerable Configuration:

Configuration 1:

cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp01:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp02:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp03:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp04:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp05:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp06:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0:cp01:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0:cp02:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0:cp03:*:*:*:*:*:*

OR cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0:cp04:*:*:*:*:*:*

Denotes that component is vulnerable