Candidate: CVE-2009-0027
PublicDate: 2009-03-09 21:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0027
Description:
 The request handler in JBossWS in JBoss Enterprise Application Platform
 (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04
 does not properly validate the resource path during a request for a WSDL
 file with a custom web-service endpoint, which allows remote attackers to
 read arbitrary XML files via a crafted request.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_jbossas4:
upstream_jbossas4: released (4.2.0.CP06, 4.3.0.CP04)
dapper_jbossas4: DNE
gutsy_jbossas4: DNE
hardy_jbossas4: not-affected (4.2.2.GA-1)
intrepid_jbossas4: not-affected (4.2.2.GA-5ubuntu2)
jaunty_jbossas4: not-affected (4.2.3.GA-1)
karmic_jbossas4: not-affected (4.2.3.GA-1)
devel_jbossas4: not-affected (4.2.3.GA-1ubuntu1)