VYPR
Unrated severityNVD Advisory· Published Aug 10, 2008· Updated Jun 16, 2026

CVE-2008-3273

CVE-2008-3273

Description

JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

5
  • cpe:2.3:a:jboss:enterprise_application_platform:*:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:jboss:enterprise_application_platform:*:*:*:*:*:*:*:*range: <=4.2.0.cp03
    • cpe:2.3:a:jboss:enterprise_application_platform:4.2.0.cp01:*:*:*:*:*:*:*
    • cpe:2.3:a:jboss:enterprise_application_platform:4.2.0.cp02:*:*:*:*:*:*:*
    • (no CPE)range: <4.2.0.CP03, 4.3.0<4.3.0.CP01
  • JBoss/JBossEAPllm-create
    Range: <4.2.0.CP03, 4.3.0<4.3.0.CP01

Patches

Vulnerability mechanics

References

12

News mentions

0

No linked articles in our index yet.