
JBoss EAP < 4.2.0.CP03 / 4.3.0.CP01 Status Servlet Information Disclosure

Medium

Synopsis

The remote web server contains a servlet that is affected by an information disclosure vulnerability.

Description

The version of JBoss Enterprise Application Platform (EAP) running on the remote host allows unauthenticated access to the status servlet, which is used to monitor sessions and requests sent to the server.

Solution

Upgrade to version 4.2.0.CP03 / 4.3.0.CP01 or higher.