The JBoss Enterprise Application Platform 4.2.0.CP03 and 4.3.0.CP01 updates for Red Hat Enterprise Linux 4 and 5 fixed an issue (CVE-2008-3273) where unauthenticated users were able to access the status servlet; however, a bug fix included in the 4.2.0.CP06 and 4.3.0.CP04 updates re-introduced the issue. A remote attacker could use this flaw to acquire details about deployed web contexts.
This issue has been addressed in the following products: JBEAP 4.2.0 for RHEL 4, via RHSA-2010:0376 https://rhn.redhat.com/errata/RHSA-2010-0376.html
This issue has been addressed in the following products: JBEAP 4.3.0 for RHEL 4, via RHSA-2010:0377 https://rhn.redhat.com/errata/RHSA-2010-0377.html
This issue has been addressed in the following products: JBEAP 4.2.0 for RHEL 5, via RHSA-2010:0378 https://rhn.redhat.com/errata/RHSA-2010-0378.html
This issue has been addressed in the following products: JBEAP 4.3.0 for RHEL 5, via RHSA-2010:0379 https://rhn.redhat.com/errata/RHSA-2010-0379.html