JBoss Web Framework Kit Information Disclosure Vulnerabilities
Last Update Date: 22 Jan 2014 17:51
Release Date: 22 Jan 2014
RISK: Medium Risk
TYPE: Servers - Web Servers
Multiple vulnerabilities have been identified in Red Hat JBoss Web Framework Kit, which can be exploited by malicious users to disclose potentially sensitive information.
- An error related to the InterfaceGenerator handler within JBoss Seam Remoting can be exploited to gain knowledge of all classes and methods within the classpath.
- An error when parsing XML entities related to the ExecutionHandler, PollHandler, and SubscriptionHandler classes within JBoss Seam Remoting can be exploited to disclose, for example, the content of certain files via a specially crafted XML document that includes external entity references.
Impact
- Information Disclosure
System / Technologies affected
- Version 2.4.0
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- Apply update.
Vulnerability Identifier
Source
Related Link