VYPR

JBossEAP

by JBoss

CVEs (1)

  • CVE-2008-3273Aug 10, 2008
    risk 0.07cvss epss 0.47

    JBoss Enterprise Application Platform (aka JBossEAP or EAP) before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string.