Skip to main content

JBoss Web Framework Kit Information Disclosure Vulnerabilities

Last Update Date: 22 Jan 2014 17:51 Release Date: 22 Jan 2014 3837 Views

RISK: Medium Risk

TYPE: Servers - Web Servers

TYPE: Web Servers

Multiple vulnerabilities have been identified in Red Hat JBoss Web Framework Kit, which can be exploited by malicious users to disclose potentially sensitive information.

  1. An error related to the InterfaceGenerator handler within JBoss Seam Remoting can be exploited to gain knowledge of all classes and methods within the classpath.
  2. An error when parsing XML entities related to the ExecutionHandler, PollHandler, and SubscriptionHandler classes within JBoss Seam Remoting can be exploited to e.g. disclose the content of certain files via a specially crafted XML document including external entity references.

Impact

  • Information Disclosure

System / Technologies affected

  • Version 2.4.0

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Apply update.

Vulnerability Identifier


Source


Related Link