CVE-2009-0027
CVE-2009-0027 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read arbitrary XML files via a crafted request.
Learn more about our Web App Pen Testing.