Unrated severity · NVD Advisory · Published Mar 9, 2009 · Updated Jun 16, 2026
CVE-2009-0027
Description
The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read arbitrary XML files via a crafted request.
Affected products
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp01:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp02:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp03:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp04:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp05:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp06:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp01:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp02:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp03:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp04:*:*:*:*:*:*
- Range: <4.2.0.CP06, <4.3.0.CP04
References
- rhn.redhat.com/errata/RHSA-2009-0346.html (nvd; Patch)
- rhn.redhat.com/errata/RHSA-2009-0347.html (nvd; Patch)
- rhn.redhat.com/errata/RHSA-2009-0349.html (nvd; Patch, Vendor Advisory)
- rhn.redhat.com/errata/RHSA-2009-0348.html (nvd; Vendor Advisory)
- secunia.com/advisories/34112 (nvd)
- www.securityfocus.com/bid/34023 (nvd)
- www.securitytracker.com/id (nvd)
- bugzilla.redhat.com/show_bug.cgi (nvd)
- jira.jboss.org/jira/browse/JBPAPP-1548 (nvd)