CVE-2010-1428
Red Hat JBoss Information Disclosure Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 1
Exploited in Wild: Yes
Descriptions
The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.
Unauthenticated access to the JBoss Application Server Web Console (/web-console) is blocked by default. However, it was found that this block was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker could use this flaw to gain access to sensitive information.
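The descriptions above attribute the flaw to access control that covers only the GET and POST verbs. The audit script below is an added example, not part of this record or of the JBoss code base; it assumes the restriction is expressed as a servlet `web.xml` security-constraint, where naming `http-method` elements protects only those verbs and leaves every other verb unconstrained, and it runs over a constructed sample `web.xml` rather than a real deployment descriptor.

```python
"""Audit a web.xml for security-constraints that only cover listed HTTP verbs."""
import xml.etree.ElementTree as ET

# Constructed sample (not from any JBoss distribution): the first constraint
# lists GET and POST explicitly, so every other verb bypasses it; the second
# names no verbs and therefore covers them all.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>JBossAdmin</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/images/*</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>JBossAdmin</role-name></auth-constraint>
  </security-constraint>
</web-app>"""


def _local(tag):
    return tag.rsplit("}", 1)[-1]  # strip the XML namespace, if any


def find_verb_limited_constraints(web_xml_text):
    """Return [(url_pattern, [verbs])] for every authenticated constraint whose
    resource collection names explicit http-method elements. Per the servlet
    spec, naming methods constrains ONLY those methods; the rest stay open."""
    root = ET.fromstring(web_xml_text)
    findings = []
    for sc in root.iter():
        if _local(sc.tag) != "security-constraint":
            continue
        if not any(_local(c.tag) == "auth-constraint" for c in sc):
            continue  # no auth requirement, nothing to bypass
        for wrc in sc:
            if _local(wrc.tag) != "web-resource-collection":
                continue
            verbs = [m.text.strip().upper() for m in wrc if _local(m.tag) == "http-method"]
            if verbs:
                for up in wrc:
                    if _local(up.tag) == "url-pattern":
                        findings.append((up.text.strip(), verbs))
    return findings


if __name__ == "__main__":
    for pattern, verbs in find_verb_limited_constraints(SAMPLE_WEB_XML):
        print(f"{pattern}: only {', '.join(verbs)} are access-controlled")
```

A constraint that lists no `http-method` (or, on Servlet 3.0 and later, uses `http-method-omission`) applies to all verbs, which is the shape the fixed descriptor should take.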
CVSS Scores
SSVC
- Decision:-
Timeline
- 2010-04-15 CVE Reserved
- 2010-04-28 CVE Published
- 2022-05-25 Exploited in Wild
- 2022-06-15 KEV Due Date
- 2024-06-29 EPSS Updated
- 2024-08-07 CVE Updated
- 2024-08-07 First Exploit
CWE
CAPEC
References (12)
URL | Tag | Date
---|---|---
http://securitytracker.com/id?1023917 | Broken Link |
http://www.securityfocus.com/bid/39710 | Broken Link |
https://exchange.xforce.ibmcloud.com/vulnerabilities/58148 | Third Party Advisory |
http://marc.info/?l=bugtraq&m=132698550418872&w=2 | | 2024-08-07
http://secunia.com/advisories/39563 | | 2024-06-28
http://www.vupen.com/english/advisories/2010/0992 | | 2024-06-28
https://bugzilla.redhat.com/show_bug.cgi?id=585899 | | 2010-04-27
https://rhn.redhat.com/errata/RHSA-2010-0376.html | | 2024-06-28
https://rhn.redhat.com/errata/RHSA-2010-0377.html | | 2024-06-28
https://rhn.redhat.com/errata/RHSA-2010-0378.html | | 2024-06-28
https://rhn.redhat.com/errata/RHSA-2010-0379.html | | 2024-06-28
https://access.redhat.com/security/cve/CVE-2010-1428 | | 2010-04-27
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Redhat | Jboss Enterprise Application Platform | 4.2.0 | - | Affected
Redhat | Jboss Enterprise Application Platform | 4.3.0 | - | Affected