CVE-2010-0738
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- February 26, 2010
- Published Date
- April 28, 2010
- Last Updated
- February 07, 2025
- Vendor
- n/a
- Product
- n/a
- Description
- The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.
CVSS Scores
CVSS v3.1
5.3 - MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
SSVC Information
- Exploitation
- active
- Automatable
- Yes
- Technical Impact
- partial
References
https://rhn.redhat.com/errata/RHSA-2010-0379.html
https://rhn.redhat.com/errata/RHSA-2010-0378.html
https://bugzilla.redhat.com/show_bug.cgi?id=574105
https://rhn.redhat.com/errata/RHSA-2010-0376.html
http://securityreason.com/securityalert/8408
https://rhn.redhat.com/errata/RHSA-2010-0377.html
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35
http://www.vupen.com/english/advisories/2010/0992
http://marc.info/?l=bugtraq&m=132129312609324&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/58147
http://marc.info/?l=bugtraq&m=132129312609324&w=2
http://www.securityfocus.com/bid/39710
http://secunia.com/advisories/39563
http://securitytracker.com/id?1023918
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2022-05-25 00:00:00 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/jboss_maindeployer.rb | 2025-04-29 11:01:21 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
jboss_bshdeployer
Type: metasploit • Created: Unknown
Metasploit module for CVE-2010-0738
jboss_deploymentfilerepository
Type: metasploit • Created: Unknown
Metasploit module for CVE-2010-0738
jboss_maindeployer
Type: metasploit • Created: Unknown
Metasploit module for CVE-2010-0738