Unrated severity · NVD Advisory · Published Mar 9, 2009 · Updated Apr 23, 2026
CVE-2009-0027
Description
The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read arbitrary XML files via a crafted request.
Affected products
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp01:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp02:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp03:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp04:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp05:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp06:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp01:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp02:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp03:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp04:*:*:*:*:*:*
Patches
No patches discovered yet.
References
- rhn.redhat.com/errata/RHSA-2009-0346.html (nvd; Patch)
- rhn.redhat.com/errata/RHSA-2009-0347.html (nvd; Patch)
- rhn.redhat.com/errata/RHSA-2009-0349.html (nvd; Patch, Vendor Advisory)
- rhn.redhat.com/errata/RHSA-2009-0348.html (nvd; Vendor Advisory)
- secunia.com/advisories/34112 (nvd)
- www.securityfocus.com/bid/34023 (nvd)
- www.securitytracker.com/id (nvd)
- bugzilla.redhat.com/show_bug.cgi (nvd)
- jira.jboss.org/jira/browse/JBPAPP-1548 (nvd)