CVE-2010-1428

The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.

Published: Apr 29, 2010
Updated: Jun 29, 2024
CVE: CVE-2010-1428
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
redhat / jboss_enterprise_application_platform	4.2.0	4.2.0.x
redhat / jboss_enterprise_application_platform	4.3.0	4.3.0.x

http://marc.info/?l=bugtraq&m=132698550418872&w=2
http://secunia.com/advisories/39563
http://securitytracker.com/id?1023917
http://www.securityfocus.com/bid/39710
http://www.vupen.com/english/advisories/2010/0992
https://bugzilla.redhat.com/show_bug.cgi?id=585899
https://exchange.xforce.ibmcloud.com/vulnerabilities/58148
https://rhn.redhat.com/errata/RHSA-2010-0376.html
https://rhn.redhat.com/errata/RHSA-2010-0377.html
https://rhn.redhat.com/errata/RHSA-2010-0378.html
https://rhn.redhat.com/errata/RHSA-2010-0379.html

Vulnerability Database

289,599

CVE-2010-1428