Vulners
Lucene search
Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure
| Reporter | Title | Published | Views | Family All 76 |
|---|---|---|---|---|
 | JBoss 4.2.x/4.3.x - Information Disclosure Exploit | 10 Feb 201800:00 | – | zdt |
 | JBoss EAP < 4.2.0.CP03 / 4.3.0.CP01 Status Servlet Information Disclosure | 15 Aug 200800:00 | – | nessus |
| JBoss EAP < 4.2.0.CP09 / 4.3.0.CP08 Multiple Vulnerabilities | 29 Apr 201000:00 | – | nessus |
| JBoss Enterprise Application Platform (EAP) Status Servlet Request Remote Information Disclosure | 13 Aug 200800:00 | – | nessus |
| Juniper Junos Space < 13.3R1.8 Multiple Vulnerabilities (JSA10627) | 22 Dec 201400:00 | – | nessus |
| RHEL 4 : JBoss EAP (RHSA-2008:0825) | 24 Jan 201300:00 | – | nessus |
| RHEL 4 : JBoss EAP (RHSA-2008:0826) | 24 Jan 201300:00 | – | nessus |
| RHEL 5 : JBoss EAP (RHSA-2008:0827) | 24 Jan 201300:00 | – | nessus |
| RHEL 5 : JBoss EAP (RHSA-2008:0828) | 24 Jan 201300:00 | – | nessus |
| RHEL 4 : JBoss EAP (RHSA-2010:0376) | 24 Jan 201300:00 | – | nessus |
10
id: CVE-2010-1429
info:
name: Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure
author: R12W4N
severity: medium
description: |
Red Hat JBoss Enterprise Application Platform 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 is susceptible to sensitive information disclosure. A remote attacker can obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.
impact: |
An attacker can exploit this vulnerability to gain access to sensitive information, potentially leading to further attacks.
remediation: |
Apply the necessary patches or updates provided by Red Hat to fix the vulnerability.
reference:
- https://rhn.redhat.com/errata/RHSA-2010-0377.html
- https://nvd.nist.gov/vuln/detail/CVE-2010-1429
- https://nvd.nist.gov/vuln/detail/CVE-2008-3273
- http://marc.info/?l=bugtraq&m=132698550418872&w=2
- http://securitytracker.com/id?1023918
classification:
cvss-metrics: CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
cvss-score: 5
cve-id: CVE-2010-1429
cwe-id: CWE-264
epss-score: 0.53728
epss-percentile: 0.98867
cpe: cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:cp08:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: redhat
product: jboss_enterprise_application_platform
shodan-query:
- title:"JBoss"
- cpe:"cpe:2.3:a:redhat:jboss_enterprise_application_platform"
- http.title:"jboss"
fofa-query: title="jboss"
google-query: intitle:"jboss"
tags: cve2010,cve,jboss,eap,tomcat,exposure,redhat,vuln
http:
- method: GET
path:
- "{{BaseURL}}/status?full=true"
matchers-condition: and
matchers:
- type: word
words:
- "JVM"
- "memory"
- "localhost/"
condition: and
- type: status
status:
- 200
# digest: 4a0a00473045022033746068170d7a8b35ff8706e3ef7f89dadfd74a0d0c71f9271721df23e10a06022100c7623f5dc8870fede56e2426b2a5c8ba61ae652b443960db568d2a0086e285e2:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Feb 2026 07:00Current
7.3High risk
Vulners AI Score7.3
CVSS 25
EPSS0.53728