Input validation

2010-04-2822:30:00

PRIOn knowledge base

www.prio-n.com

6.6 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.009 Low

EPSS

Percentile

82.1%

JSON

The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.

CPENameOperatorVersion
jboss_enterprise_application_platformeq4.3.0 cp6
jboss_enterprise_application_platformeq4.2.0 cp1
jboss_enterprise_application_platformeq4.2.0 cp6
jboss_enterprise_application_platformle4.3.0
jboss_enterprise_application_platformeq4.2
jboss_enterprise_application_platformeq4.3.0 cp1
jboss_enterprise_application_platformeq4.2.0 cp5
jboss_enterprise_application_platformeq4.2.0 cp4
jboss_enterprise_application_platformeq4.3.0 cp4
jboss_enterprise_application_platformeq4.2.0 cp3

Name	Operator	Version
jboss_enterprise_application_platform	eq	4.3.0 cp6
jboss_enterprise_application_platform	eq	4.2.0 cp1
jboss_enterprise_application_platform	eq	4.2.0 cp6
jboss_enterprise_application_platform	le	4.3.0
jboss_enterprise_application_platform	eq	4.2
jboss_enterprise_application_platform	eq	4.3.0 cp1
jboss_enterprise_application_platform	eq	4.2.0 cp5
jboss_enterprise_application_platform	eq	4.2.0 cp4
jboss_enterprise_application_platform	eq	4.3.0 cp4
jboss_enterprise_application_platform	eq	4.2.0 cp3