CVE-2009-0027

CVE-2009-0027 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read arbitrary XML files via a crafted request.

Learn more about our Web App Pen Testing.