AttackerKBAKB:15310691-8F2C-46C8-BEAC-4C3B551AC894CVE-2010-1428
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.009 Low
EPSS
Percentile
80.7%
The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.
Recent assessments:
Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0
References
marc.info/?l=bugtraq&m=132698550418872&w=2
marc.info?l=bugtraq&m=132698550418872&w=2
secunia.com/advisories/39563
securitytracker.com/id?1023917
www.securityfocus.com/bid/39710
www.vupen.com/english/advisories/2010/0992
bugzilla.redhat.com/show_bug.cgi?id=585899
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1428
exchange.xforce.ibmcloud.com/vulnerabilities/58148
rhn.redhat.com/errata/RHSA-2010-0376.html
rhn.redhat.com/errata/RHSA-2010-0377.html
rhn.redhat.com/errata/RHSA-2010-0378.html
rhn.redhat.com/errata/RHSA-2010-0379.html
Related
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.009 Low
EPSS
Percentile
80.7%