5.3
CVE-2010-0738
- EPSS 79.42%
- Veröffentlicht 28.04.2010 22:30:00
- Zuletzt bearbeitet 16.06.2026 23:16:45
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Jboss Enterprise Application Platform Version4.2.0 Update-
Redhat ≫ Jboss Enterprise Application Platform Version4.3.0 Update-
25.05.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Red Hat JBoss Authentication Bypass Vulnerability
SchwachstelleThe JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 79.42% | 0.996 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
CWE-749 Exposed Dangerous Method or Function
The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.
http://marc.info/?l=bugtraq&m=132129312609324&w=2
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35
http://secunia.com/advisories/39563
http://securityreason.com/securityalert/8408
http://securitytracker.com/id?1023918
http://www.securityfocus.com/bid/39710
http://www.vupen.com/english/advisories/2010/0992
https://bugzilla.redhat.com/show_bug.cgi?id=574105
https://exchange.xforce.ibmcloud.com/vulnerabilities/58147
https://rhn.redhat.com/errata/RHSA-2010-0376.html
https://rhn.redhat.com/errata/RHSA-2010-0377.html
https://rhn.redhat.com/errata/RHSA-2010-0378.html
https://rhn.redhat.com/errata/RHSA-2010-0379.html
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-0738