CVE-2010-1428

Confirmed PUBLISHED

The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and...

Red Hat · JBoss Enterprise Application Platform
Exploited in the wild Used in malware

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
7.5 High

At a Glance

The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.

malware cisa ransomware
CVE Published
Apr 28, 2010
Exploitation Reported
May 25, 2022
CVSS
7.5 High
EPSS
Remote Low complexity No user interaction Unauthenticated

Affected Versions

Vendor Product Version Status
n/a
n/a

n/a

Affected

CVE References

  • RHSA-2010:0379 rhn.redhat.com · Vendor Advisory https://rhn.redhat.com/errata/RHSA-2010-0379.html
  • RHSA-2010:0378 rhn.redhat.com · Vendor Advisory https://rhn.redhat.com/errata/RHSA-2010-0378.html
  • HPSBMU02736 marc.info · Vendor Advisory http://marc.info/?l=bugtraq&m=132698550418872&w=2
  • RHSA-2010:0376 rhn.redhat.com · Vendor Advisory https://rhn.redhat.com/errata/RHSA-2010-0376.html
  • RHSA-2010:0377 rhn.redhat.com · Vendor Advisory https://rhn.redhat.com/errata/RHSA-2010-0377.html
Show 6 more references
  • 39563 secunia.com · Third-Party Advisory http://secunia.com/advisories/39563
  • jboss-webconsole-information-disclosure(58148) exchange.xforce.ibmcloud.com · VDB Entry https://exchange.xforce.ibmcloud.com/vulnerabilities/58148
  • ADV-2010-0992 vupen.com · VDB Entry http://www.vupen.com/english/advisories/2010/0992
  • 1023917 securitytracker.com · VDB Entry http://securitytracker.com/id?1023917
  • 39710 securityfocus.com · VDB Entry http://www.securityfocus.com/bid/39710
  • bugzilla.redhat.com/show_bug.cgi bugzilla.redhat.com · CVE Record https://bugzilla.redhat.com/show_bug.cgi?id=585899

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.