Unrated severityNVD Advisory· Published Sep 23, 2008· Updated Jun 16, 2026
CVE-2008-3519
CVE-2008-3519
Description
The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform (aka JBossEAP or EAP), possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property to true, which allows remote attackers to obtain sensitive information (non-EJB classes) via a download request, a different vulnerability than CVE-2008-3273.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp01:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:cp02:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:cp01:*:*:*:*:*:*range: <=4.3
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:cp03:*:*:*:*:*:*range: <=4.2
- (no CPE)range: <4.2 CP04, <4.3 CP02
Patches
Vulnerability mechanics
References
10- www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.2.0.cp04/html-single/readme/index.htmlnvdPatch
- www.redhat.com/docs/en-US/JBoss_Enterprise_Application_Platform/4.3.0.cp02/html-single/readme/index.htmlnvdPatch
- bugzilla.redhat.com/bugzilla/show_bug.cginvd
- www.redhat.com/support/errata/RHSA-2008-0831.htmlnvd
- www.redhat.com/support/errata/RHSA-2008-0832.htmlnvd
- www.redhat.com/support/errata/RHSA-2008-0833.htmlnvd
- www.redhat.com/support/errata/RHSA-2008-0834.htmlnvd
- www.securityfocus.com/bid/31300nvd
- www.securitytracker.com/idnvd
- exchange.xforce.ibmcloud.com/vulnerabilities/45305nvd
News mentions
0No linked articles in our index yet.