CVE-2010-0738
Red Hat JBoss Authentication Bypass Vulnerability
Public Exploits: 5
Exploited in Wild: Yes
Descriptions
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (known as JBoss EAP or JBEAP) v4.2 before v4.2.0.CP09 and v4.3 before v4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to the application's GET handler by using a different method.
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.
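The gap described above is a servlet `security-constraint` that names `<http-method>GET</http-method>` and `<http-method>POST</http-method>`: under the Servlet specification a constraint that lists methods applies only to those methods, so every other verb reaches the resource with no authentication at all, and `javax.servlet.http.HttpServlet` dispatches HEAD to the same `doGet` code path that serves GET. The script below is an added example, not code from this page or from Red Hat. It embeds two constructed `web.xml` fragments modelled on the JBoss 4.x jmx-console descriptor (the `HtmlAdaptor` resource name and `JBossAdmin` role are the shipped ones; everything else is simplified), one with the verb-restricted constraint and one with the `<http-method>` elements removed, implements the spec's method-restriction rule with a minimal `url-pattern` matcher, and reports which verbs would bypass authentication. Combination rules for overlapping constraints and the later `<http-method-omission>` element are deliberately out of scope.

```python
"""Which HTTP verbs does a servlet security-constraint leave unauthenticated?

Added example for CVE-2010-0738. Both web.xml fragments are constructed for
this example, modelled on (not copied from) the JBoss 4.x jmx-console descriptor.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Sequence, Tuple

# Weak form: <http-method> narrows the constraint to GET and POST only.
VULNERABLE_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HtmlAdaptor</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>JBossAdmin</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>
"""

# Fixed form: no <http-method> elements, so the constraint covers every verb.
FIXED_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" version="2.4">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>HtmlAdaptor</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>JBossAdmin</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>
"""

COMMON_METHODS: Tuple[str, ...] = ("GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS", "TRACE")


def _local(tag: str) -> str:
    """Strip the XML namespace: '{...j2ee}url-pattern' -> 'url-pattern'."""
    return tag.rsplit("}", 1)[-1]


@dataclass(frozen=True)
class Constraint:
    patterns: Tuple[str, ...]
    methods: Optional[FrozenSet[str]]  # None means "all methods" (the spec default)
    roles: Tuple[str, ...]


def parse_constraints(web_xml: str) -> List[Constraint]:
    """Collect every <security-constraint> that carries an <auth-constraint>."""
    constraints: List[Constraint] = []
    for sc in ET.fromstring(web_xml).iter():
        if _local(sc.tag) != "security-constraint":
            continue
        patterns, methods, roles, has_auth = [], set(), [], False
        for el in sc.iter():
            name, text = _local(el.tag), (el.text or "").strip()
            if name == "url-pattern":
                patterns.append(text)
            elif name == "http-method":
                methods.add(text.upper())
            elif name == "auth-constraint":
                has_auth = True
            elif name == "role-name":
                roles.append(text)
        if has_auth:  # a constraint without <auth-constraint> requires no login
            constraints.append(Constraint(tuple(patterns), frozenset(methods) or None, tuple(roles)))
    return constraints


def _matches(pattern: str, path: str) -> bool:
    """Servlet url-pattern matching: prefix ('/foo/*'), extension ('*.jsp') or exact."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return pattern == path


def is_protected(constraints: Sequence[Constraint], path: str, method: str) -> bool:
    """True if some constraint covers this path AND this verb (the spec's rule)."""
    method = method.upper()
    return any(
        any(_matches(p, path) for p in c.patterns) and (c.methods is None or method in c.methods)
        for c in constraints
    )


def unprotected_methods(web_xml: str, path: str, candidates: Sequence[str] = COMMON_METHODS) -> List[str]:
    """Verbs from `candidates` that reach `path` without authentication."""
    constraints = parse_constraints(web_xml)
    return [m for m in candidates if not is_protected(constraints, path, m)]


if __name__ == "__main__":
    # Paths are context-relative: /HtmlAdaptor here is /jmx-console/HtmlAdaptor on the server.
    for label, cfg in (("vulnerable", VULNERABLE_WEB_XML), ("fixed", FIXED_WEB_XML)):
        print(f"{label}: unauthenticated verbs for /HtmlAdaptor -> {unprotected_methods(cfg, '/HtmlAdaptor')}")
```

Against the weak descriptor the script lists HEAD, PUT, DELETE, OPTIONS and TRACE as unauthenticated; against the fixed one it lists nothing. On a live server the equivalent black-box check is to request `/jmx-console/` once with GET and once with HEAD: a patched console answers both with the same authentication challenge, while a vulnerable one answers the HEAD request without one.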
SSVC
- Decision: -
Timeline
- 2010-02-26 CVE Reserved
- 2010-04-28 CVE Published
- 2010-08-03 First Exploit
- 2022-05-25 Exploited in Wild
- 2022-06-15 KEV Due Date
- 2024-06-29 EPSS Updated
- 2024-08-07 CVE Updated
CWE
- CWE-284: Improper Access Control
References (19)
URL | Tag | Source |
---|---|---|
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35 | Third Party Advisory | |
http://securityreason.com/securityalert/8408 | Broken Link | |
http://securitytracker.com/id?1023918 | Broken Link | |
http://www.securityfocus.com/bid/39710 | Broken Link | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/58147 | Third Party Advisory | |

URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/17924 | 2011-10-03 | |
https://www.exploit-db.com/exploits/16274 | 2011-03-04 | |
https://www.exploit-db.com/exploits/16316 | 2010-08-03 | |
https://www.exploit-db.com/exploits/16319 | 2011-01-10 | |
http://marc.info/?l=bugtraq&m=132129312609324&w=2 | 2024-08-07 | |

URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/39563 | 2024-06-28 | |
http://www.vupen.com/english/advisories/2010/0992 | 2024-06-28 | |
https://bugzilla.redhat.com/show_bug.cgi?id=574105 | 2010-04-27 | |
https://rhn.redhat.com/errata/RHSA-2010-0376.html | 2024-06-28 | |
https://rhn.redhat.com/errata/RHSA-2010-0377.html | 2024-06-28 | |
https://rhn.redhat.com/errata/RHSA-2010-0378.html | 2024-06-28 | |
https://rhn.redhat.com/errata/RHSA-2010-0379.html | 2024-06-28 | |
https://access.redhat.com/security/cve/CVE-2010-0738 | 2010-04-27 | |
https://access.redhat.com/kb/docs/DOC-30741 | 2010-04-27 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Redhat | Jboss Enterprise Application Platform | 4.2.0 | - | Affected |
Redhat | Jboss Enterprise Application Platform | 4.3.0 | - | Affected |