JBoss Web Framework Kit Information Disclosure Vulnerabilities
Last Update Date: 22 Jan 2014 17:51
Release Date: 22 Jan 2014
RISK: Medium Risk
TYPE: Servers - Web Servers
Multiple vulnerabilities have been identified in Red Hat JBoss Web Framework Kit, which can be exploited by malicious users to disclose potentially sensitive information.
- An error related to the InterfaceGenerator handler within JBoss Seam Remoting can be exploited to gain knowledge of all classes and methods within the classpath.
- An error when parsing XML entities related to the ExecutionHandler, PollHandler, and SubscriptionHandler classes within JBoss Seam Remoting can be exploited to disclose, for example, the content of certain files via a specially crafted XML document that includes external entity references.
Impact
- Information Disclosure
System / Technologies affected
- Version 2.4.0
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- Apply update.
Vulnerability Identifier
Source
Related Link