Vulnerability detail
Enriched intelligence for a single CVE
High
CVE-2010-1428
PUBLISHEDThe Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and...
- Vendor
- Red Hat
- Product
- JBoss Enterprise Application Platform
- Published
- Apr 28, 2010
- EPSS
- —
Description
The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AV:N/AC:L/Au:N/C:P/I:N/A:N
SSVC decision points
- Exploitation
- active
- Automatable
- Yes
- Technical impact
- partial
References
- https://rhn.redhat.com/errata/RHSA-2010-0379.html
- https://rhn.redhat.com/errata/RHSA-2010-0378.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/58148
- http://marc.info/?l=bugtraq&m=132698550418872&w=2
- https://rhn.redhat.com/errata/RHSA-2010-0376.html
- https://bugzilla.redhat.com/show_bug.cgi?id=585899
- https://rhn.redhat.com/errata/RHSA-2010-0377.html
- http://marc.info/?l=bugtraq&m=132698550418872&w=2
- http://www.vupen.com/english/advisories/2010/0992
- http://securitytracker.com/id?1023917
- http://www.securityfocus.com/bid/39710
- http://secunia.com/advisories/39563
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| CISA | May 25, 2022 |
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Exploit Used in Malware
-
Added to KEVIntel