7.5

CVE-2010-1428

Warnung
Exploit
The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)

25.05.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Red Hat JBoss Information Disclosure Vulnerability

Schwachstelle

Unauthenticated access to the JBoss Application Server Web Console (/web-console) is blocked by default. However, it was found that this block was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker could use this flaw to gain access to sensitive information.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 62.31% 0.991
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE-749 Exposed Dangerous Method or Function

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

http://marc.info/?l=bugtraq&m=132698550418872&w=2
Exploit
Mailing List
http://secunia.com/advisories/39563
Vendor Advisory
Broken Link
http://www.securityfocus.com/bid/39710
Third Party Advisory
Broken Link
VDB Entry
http://www.vupen.com/english/advisories/2010/0992
Vendor Advisory
Broken Link
https://rhn.redhat.com/errata/RHSA-2010-0376.html
Vendor Advisory
Broken Link
https://rhn.redhat.com/errata/RHSA-2010-0377.html
Broken Link
https://rhn.redhat.com/errata/RHSA-2010-0378.html
Broken Link
https://rhn.redhat.com/errata/RHSA-2010-0379.html
Vendor Advisory
http://securitytracker.com/id?1023917
Third Party Advisory
Broken Link
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=585899
Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/58148
Third Party Advisory
VDB Entry
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-1428
Broken Link