22 matches found
JBoss Status Servlet Information Gathering
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'JBoss Status Servlet Information Gathering', 'Description' = %q This module queries the JBoss status servlet to collect sensitive information,...
Information Disclosure
JBoss EAP is vulnerable to Information Disclosure. Authenticated users were able to access the status servlet, which could allow remote attackers to acquire details about deployed web contexts...
JBoss Status Servlet Information Gathering
This module queries the JBoss status servlet to collect sensitive information, including URL paths, GET parameters and client IP addresses. This module has been tested against JBoss 4.0, 4.2.2 and 4.2.3. This module requires Metasploit: https://metasploit.com/download Current source:...
[security bulletin] HPSBMU02736 SSRT100699 rev.1 - HP Business Availability Center (BAC) and Business Service Management (BSM), Remote Unauthorized Access to Sensitive Information
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03127140 Version: 1 HPSBMU02736 SSRT100699 rev.1 - HP Business Availability Center BAC and Business Service Management BSM, Remote Unauthorized Access to Sensitive Information NOTICE: The...
JBossEAP status servlet info leak
JBoss Enterprise Application Platform aka JBossEAP or EAP before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string...
CVE-2010-1429
Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this...
Design/Logic Flaw
Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this...
PT-2010-3122 · Red Hat · Red Hat Jboss Enterprise Application Platform
Name of the Vulnerable Software and Affected Versions: Red Hat JBoss Enterprise Application Platform versions 4.2 before 4.2.0.CP09 Red Hat JBoss Enterprise Application Platform versions 4.3 before 4.3.0.CP08 Description: The issue allows remote attackers to obtain sensitive information about...
JBossEAP status servlet info leak
Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this...
JBossEAP status servlet info leak
Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this...
JBossEAP status servlet info leak
Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this...
JBossEAP status servlet info leak
Red Hat JBoss Enterprise Application Platform aka JBoss EAP or JBEAP 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this...
JBoss EAP < 4.2.0.CP04 / 4.3.0.CP02 Status Servlet Information Disclosure
Binary data 4689.prm...
JBoss EAP < 4.2.0.CP03 / 4.3.0.CP01 Status Servlet Information Disclosure
Binary data 4623.prm...
JBoss Enterprise Application Platform (EAP) Status Servlet Request Remote Information Disclosure
The version of JBoss Enterprise Application Platform EAP running on the remote host allows unauthenticated access to a status servlet, which is used to monitor sessions and requests sent to the server. This vulnerability CVE-2008-3273 was fixed in versions 4.2.0.CP03 and 4.3.0.CP01, but was later...
CVE-2008-3273
JBoss Enterprise Application Platform aka JBossEAP or EAP before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string...
Input validation
JBoss Enterprise Application Platform aka JBossEAP or EAP before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string...
CVE-2008-3273
JBoss Enterprise Application Platform aka JBossEAP or EAP before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string...
JBossEAP status servlet info leak
JBoss Enterprise Application Platform aka JBossEAP or EAP before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string...
JBossEAP status servlet info leak
JBoss Enterprise Application Platform aka JBossEAP or EAP before 4.2.0.CP03, and 4.3.0 before 4.3.0.CP01, allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string...