CVE-2010-1428
The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- April 15, 2010
- Published Date
- April 28, 2010
- Last Updated
- February 07, 2025
- Vendor
- n/a
- Product
- n/a
- Description
- The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.
CVSS Scores
CVSS v3.1
7.5 - HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
SSVC Information
- Exploitation
- active
- Automatable
- Yes
- Technical Impact
- partial
References
https://rhn.redhat.com/errata/RHSA-2010-0379.html
https://rhn.redhat.com/errata/RHSA-2010-0378.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/58148
http://marc.info/?l=bugtraq&m=132698550418872&w=2
https://rhn.redhat.com/errata/RHSA-2010-0376.html
https://bugzilla.redhat.com/show_bug.cgi?id=585899
https://rhn.redhat.com/errata/RHSA-2010-0377.html
http://marc.info/?l=bugtraq&m=132698550418872&w=2
http://www.vupen.com/english/advisories/2010/0992
http://securitytracker.com/id?1023917
http://www.securityfocus.com/bid/39710
http://secunia.com/advisories/39563
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2022-05-25 00:00:00 UTC |