Lucene search
K

15 matches found

Packet Storm
Packet Storm
added 2024/09/01 12:0 a.m.209 views

JBoss Status Servlet Information Gathering

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'JBoss Status Servlet Information Gathering', 'Description' = %q This module queries the JBoss status servlet to collect sensitive information,...

5CVSS6.9AI score0.53728EPSS
Exploits9
Hacker One
Hacker One
added 2024/02/15 8:52 p.m.43 views

MTN Group: CVE-2010-1429 JBoss Insecure Storage of Sensitive Information on ips.mtn.co.ug

The JBoss Enterprise Application Platform 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allowed remote attackers to obtain sensitive information about deployed web contexts via a request to the status servlet, as demonstrated by a full=true query string. This issue was caused by a regression fr...

7.5CVSS7.1AI score0.99903EPSS
Exploits27
Veracode
Veracode
added 2020/04/10 12:42 a.m.44 views

Information Disclosure

jboss EAP is vulnerable to information disclosure. The RHSA-2008:0826 update fixed an issue CVE-2008-3273 where unauthenticated users were able to access the status servlet; however, a bug fix included in the RHSA-2009:0347 update re-introduced the issue. A remote attacker could use this flaw to...

5CVSS3.9AI score0.53728EPSS
Exploits9References15Affected Software11
Circl
Circl
added 2018/05/29 3:50 p.m.9 views

CVE-2008-3273

creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/jbossstatus.rb 2018-05-29 15:50:33+00:00| seen|...

5CVSS8.9AI score0.47111EPSS
Exploits6References2
Metasploit
Metasploit
added 2014/03/28 9:5 p.m.41 views

JBoss Status Servlet Information Gathering

This module queries the JBoss status servlet to collect sensitive information, including URL paths, GET parameters and client IP addresses. This module has been tested against JBoss 4.0, 4.2.2 and 4.2.3. This module requires Metasploit: https://metasploit.com/download Current source:...

5CVSS8AI score0.53728EPSS
Exploits9
Tenable Nessus
Tenable Nessus
added 2013/01/24 12:0 a.m.65 views

RHEL 4 : JBoss EAP (RHSA-2010:0377)

Updated JBoss Enterprise Application Platform JBEAP 4.3 packages that fix three security issues and multiple bugs are now available for Red Hat Enterprise Linux 4 as JBEAP 4.3.0.CP08. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability...

7.5CVSS6.4AI score0.79415EPSS
Exploits35References8
Tenable Nessus
Tenable Nessus
added 2013/01/24 12:0 a.m.71 views

RHEL 5 : JBoss Enterprise Application Platform 4.3.0.CP08 update (Critical) (RHSA-2010:0379)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2010:0379 advisory. JBoss Enterprise Application Platform is the market leading platform for innovative and scalable Java applications; integrating the JBoss...

7.5CVSS6.5AI score0.79415EPSS
Exploits35References11
securityvulns
securityvulns
added 2012/01/21 12:0 a.m.92 views

[security bulletin] HPSBMU02736 SSRT100699 rev.1 - HP Business Availability Center (BAC) and Business Service Management (BSM), Remote Unauthorized Access to Sensitive Information

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03127140 Version: 1 HPSBMU02736 SSRT100699 rev.1 - HP Business Availability Center BAC and Business Service Management BSM, Remote Unauthorized Access to Sensitive Information NOTICE: The...

5CVSS0.7AI score0.62308EPSS
Exploits10
seebug.org
seebug.org
added 2010/04/29 12:0 a.m.249 views

JBoss企业应用平台多个非授权访问漏洞

BUGTRAQ ID: 39710 CVE ID: CVE-2010-0738,CVE-2010-1428,CVE-2010-1429 JBoss企业应用平台(EAP)是J2EE应用的中间件平台。 JBoss企业应用平台中存在多个非授权访问漏洞,远程用户可以绕过认证执行非授权操作或读取敏感信息。 1 JMX控制台配置仅对使用GET和POST HTTP命令的请求指定了认证要求,远程攻击者可以创建没有指定GET或POST的HTTP请求,导致无需认证便被默认的GET处理器执行。 2...

5CVSS1.1AI score0.79415EPSS
Exploits35
Prion
Prion
added 2010/04/28 10:30 p.m.29 views

Design/Logic Flaw

Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this...

5CVSS6.1AI score0.53728EPSS
Exploits9References12Affected Software1
RedHat Linux
RedHat Linux
added 2010/04/27 4:15 a.m.206 views

Critical: Red Hat Security Advisory: JBoss Enterprise Application Platform 4.3.0.CP08 update

Updated JBoss Enterprise Application Platform JBEAP 4.3 packages that fix three security issues and multiple bugs are now available for Red Hat Enterprise Linux 5 as JBEAP 4.3.0.CP08. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability...

7.5CVSS6.3AI score0.79415EPSS
Exploits35References6
RedHat Linux
RedHat Linux
added 2010/04/27 3:19 a.m.4 views

JBossEAP status servlet info leak

Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this...

5CVSS7.4AI score0.53728EPSS
Exploits9References4
Tenable Nessus
Tenable Nessus
added 2008/08/13 12:0 a.m.489 views

JBoss Enterprise Application Platform (EAP) Status Servlet Request Remote Information Disclosure

The version of JBoss Enterprise Application Platform EAP running on the remote host allows unauthenticated access to a status servlet, which is used to monitor sessions and requests sent to the server. This vulnerability CVE-2008-3273 was fixed in versions 4.2.0.CP03 and 4.3.0.CP01, but was later...

5CVSS8.2AI score0.53728EPSS
Exploits9References4
CVE
CVE
added 2008/08/10 8:0 p.m.209 views

CVE-2008-3273

CVE-2008-3273 affects JBoss EAP/JBoss EAP 4.2.x (before 4.2.0.CP03) and 4.3.x (before 4.3.0.CP01). A remote attacker could disclose sensitive information about deployed web contexts by querying the status servlet with full=true. Connected documents corroborate the information disclosure via the s...

5CVSS5.8AI score0.47111EPSS
Exploits6References12Affected Software1
seebug.org
seebug.org
added 2008/08/06 12:0 a.m.60 views

JBoss Enterprise Application Platform信息泄漏漏洞

BUGTRAQ ID: 30540 CVE ID:CVE-2008-3273 CVE-2008-1285 CNCVE ID:CNCVE-20083273 CNCVE-20081285 JBoss Enterprise Application Platform是一款企业级应用平台。 JBoss Enterprise Application Platform存在信息泄漏问题,远程攻击者可以利用漏洞获得配置的WEB上下文,或进行跨站脚本攻击。 -JavaServer Faces JSF组件存在多个跨站脚本攻击,可导致注入任意WEB脚本或HTML。...

5CVSS0.47111EPSS
Exploits6
Rows per page
Query Builder