JBoss org.jboss.web.WebServer Class Multiple Vulnerabilities (Source Disc, ID)
Article ID: 18526
Last updated: 27 Jan, 2009
Posted: 22 Jan, 2009
by: Tech Pubs S.
Updated: 27 Jan, 2009
by: Tech Pubs S.
This script is Copyright (C) 2005-2009 Tenable Network Security, Inc.

Family: CGI abuses
Plugin ID: 18526
Bugtraq ID: 13985, 16571
CVE ID: CVE-2005-2006, CVE-2006-0656

Description:
Synopsis :
The remote web server is affected by an information disclosure flaw.
Description :
The remote JBoss server is vulnerable to an information disclosure
flaw which may allow an attacker to retrieve the physical path of the
server installation, its security policy, or to guess its exact
version number. An attacker may use this flaw to gain more
information about the remote configuration.
See also :
http://marc.info/?l=bugtraq&m=111911095424496&w=2
http://www.securityfocus.com/advisories/10104
Solution :
Upgrade to JBoss 3.2.8 or 4.0.3. Alternatively, edit the JBoss
jboss-service.xml configuration file, set DownloadServerClasses to
false, and restart the server.
Risk factor :
Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
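
The configuration workaround in the Solution can be verified offline. The following is an added example, not part of the original plugin or of JBoss, that audits a jboss-service.xml file for the DownloadServerClasses setting. It assumes the attribute sits on the org.jboss.web.WebService mbean, treats a missing attribute as needing manual review, and runs against a constructed sample when no file is given.

```python
import sys
import xml.etree.ElementTree as ET

# Assumption: the mbean class that carries the DownloadServerClasses attribute.
WEB_SERVICE_CODE = "org.jboss.web.WebService"

# Constructed sample in the shape of jboss-service.xml (not a real server's file).
SAMPLE = """<server>
  <mbean code="org.jboss.web.WebService" name="jboss:service=WebService">
    <attribute name="Port">8083</attribute>
    <attribute name="DownloadServerClasses">true</attribute>
  </mbean>
  <mbean code="org.jboss.naming.NamingService" name="jboss:service=Naming">
    <attribute name="Port">1099</attribute>
  </mbean>
</server>"""


def audit_download_server_classes(xml_text):
    """Return (mbean name, status) for each WebService mbean in the file."""
    findings = []
    for mbean in ET.fromstring(xml_text).iter("mbean"):
        if mbean.get("code") != WEB_SERVICE_CODE:
            continue
        value = None
        for attr in mbean.findall("attribute"):
            if attr.get("name") == "DownloadServerClasses":
                value = (attr.text or "").strip().lower()
        if value == "false":
            status = "ok"
        elif value is None:
            # Not set explicitly: flag for review rather than guess the default.
            status = "review: DownloadServerClasses not set"
        else:
            status = "fail: DownloadServerClasses=" + value
        findings.append((mbean.get("name"), status))
    return findings


if __name__ == "__main__":
    # Audit the file named on the command line, or the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    for name, status in audit_download_server_classes(text):
        print(name, "->", status)
```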