Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:19528
HistoryApr 29, 2010 - 12:00 a.m.

JBoss企业应用平台多个非授权访问漏洞

2010-04-2900:00:00
Root
www.seebug.org
140

0.974 High

EPSS

Percentile

99.9%

JSON

BUGTRAQ ID: 39710
CVE ID: CVE-2010-0738,CVE-2010-1428,CVE-2010-1429

JBoss企业应用平台(EAP)是J2EE应用的中间件平台。

JBoss企业应用平台中存在多个非授权访问漏洞,远程用户可以绕过认证执行非授权操作或读取敏感信息。

  1. JMX控制台配置仅对使用GET和POST HTTP命令的请求指定了认证要求,远程攻击者可以创建没有指定GET或POST的HTTP请求,导致无需认证便被默认的GET处理器执行。

  2. 默认阻断了对JBoss应用服务器Web控制台(/web-console)的非认证访问,但这种阻断并不彻底,仅阻断了GET和POST HTTP命令。远程攻击者可以利用这个漏洞访问敏感信息。

  3. RHSA-2008:0828更新修复了未经认证用户可访问状态servlet的漏洞(CVE-2008-3273);但RHSA-2009:0349中的bug修复重新引入了这个漏洞。远程攻击者可以利用这个漏洞获得有关所部署的web上下文的详细信息。

RedHat JBoss EAP 4.3
RedHat JBoss EAP 4.2
厂商补丁:

RedHat

RedHat已经为此发布了一个安全公告(RHSA-2010:0376-01)以及相应补丁:
RHSA-2010:0376-01:Critical: JBoss Enterprise Application Platform 4.2.0.CP09 update
链接:https://www.redhat.com/support/errata/RHSA-2010-0376.html

Related

nessus 14
redhat 2
openvas 2
securityvulns 8
veracode 4
nuclei 1
prion 7
cve 7
ubuntucve 1
seebug 4
saint 4
cisa_kev 2
attackerkb 3
packetstorm 4
canvas 1
threatpost 2
metasploit 1
zdt 1
exploitdb 5
checkpoint_advisories 1
exploitpack 1
nmap 1
kitploit 2
nessus
nessus
RHEL 5 : JBoss EAP (RHSA-2010:0379)
2013-01-24 00:00:00
RHEL 4 : JBoss EAP (RHSA-2010:0377)
2013-01-24 00:00:00
RHEL 5 : JBoss EAP (RHSA-2010:0378)
2013-01-24 00:00:00
redhat
redhat
(RHSA-2010:0379) Critical: JBoss Enterprise Application Platform 4.3.0.CP08 update
2010-04-27 00:00:00
(RHSA-2008:0828) Moderate: JBoss Enterprise Application Platform 4.3.0CP01 security update
2008-08-05 00:00:00
openvas
openvas
Red Hat JBoss Products Multiple Vulnerabilities (jmx-console) - Active Check
2010-04-28 00:00:00
Red Hat JBoss Products Multiple Vulnerabilities (status page) - Active Check
2011-09-16 00:00:00
securityvulns
securityvulns
[security bulletin] HPSBMU02736 SSRT100699 rev.1 - HP Business Availability Center (BAC) and Business Service Management (BSM), Remote Unauthorized Access to Sensitive Information
2012-01-21 00:00:00
Business Availability Center / Business Service Management information leakage
2012-01-21 00:00:00
[security bulletin] HPSBMU02714 SSRT100244 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information
2011-10-31 00:00:00
veracode
veracode
Information Disclosure
2020-04-10 00:42:54
Information Disclosure
2020-04-10 00:42:53
Information Disclosure
2020-04-10 00:26:36
nuclei
nuclei
Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure
2023-01-18 06:55:26
prion
prion
Design/Logic Flaw
2010-04-28 22:30:00
Input validation
2010-04-28 22:30:00
Input validation
2008-08-10 20:41:00
cve
cve
CVE-2010-1429
2010-04-28 22:30:00
CVE-2008-3273
2008-08-10 20:41:00
CVE-2010-0738
2010-04-28 22:30:00
ubuntucve
ubuntucve
CVE-2008-3273
2008-08-10 00:00:00
seebug
seebug
JBoss addURL Misconfiguration Attack
2011-10-05 00:00:00
JBoss JMX Console Beanshell Deployer WAR upload and deployment
2014-07-01 00:00:00
JBoss, JMX Console, misconfigured DeploymentScanner
2014-07-01 00:00:00
saint
saint
RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass
2010-06-07 00:00:00
RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass
2010-06-07 00:00:00
RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass
2010-06-07 00:00:00
cisa_kev
cisa_kev
Red Hat JBoss Authentication Bypass Vulnerability
2022-05-25 00:00:00
Red Hat JBoss Information Disclosure Vulnerability
2022-05-25 00:00:00
attackerkb
attackerkb
CVE-2010-0738
2010-04-28 00:00:00
CVE-2010-1428
2010-04-28 00:00:00
CVE-2013-4810
2013-09-16 00:00:00
packetstorm
packetstorm
JBoss addURL Misconfiguration Attack
2011-10-03 00:00:00
JBoss 4.2.x / 4.3.x Information Disclosure
2018-02-09 00:00:00
JBoss JMX Console Beanshell Deployer WAR Upload And Deployment
2010-06-24 00:00:00
canvas
canvas
Immunity Canvas: JBOSS_JMXCONSOLE_DEPLOYER
2010-04-28 22:30:00
threatpost
threatpost
JBoss Worm Exploiting Old Bug to Infect Unpatched Servers
2011-10-21 11:50:17
3.2 Million Servers Vulnerable to JBoss Attack
2016-04-18 14:11:34
metasploit
metasploit
JBoss JMX Console Deployer Upload and Execute
2012-07-10 17:33:28
zdt
zdt
JBoss 4.2.x/4.3.x - Information Disclosure Exploit
2018-02-10 00:00:00
exploitdb
exploitdb
JBoss 4.2.x/4.3.x - Information Disclosure
2018-02-10 00:00:00
JBoss & JMX Console - Misconfigured Deployment Scanner
2011-10-03 00:00:00
JBoss JMX - Console Beanshell Deployer WAR Upload and Deployment (Metasploit)
2011-01-10 00:00:00
checkpoint_advisories
checkpoint_advisories
RedHat JBoss Enterprise JMX Console Authentication Bypass (CVE-2010-0738)
2010-06-29 00:00:00
exploitpack
exploitpack
Hewlett-Packard (HP) UCMDB - JMX-Console Authentication Bypass
2015-02-03 00:00:00
nmap
nmap
http-vuln-cve2010-0738 NSE Script
2012-09-07 23:42:39
kitploit
kitploit
clusterd - Application Server Attack Toolkit
2017-09-25 21:04:00
Vulmap - Web Vulnerability Scanning And Verification Tools
2020-12-25 11:30:00

0.974 High

EPSS

Percentile

99.9%

JSON
Related for SSV:19528
nessus14redhat2openvas2securityvulns8veracode4nuclei1prion7cve7ubuntucve1seebug4saint4cisa_kev2attackerkb3packetstorm4canvas1threatpost2metasploit1zdt1exploitdb5checkpoint_advisories1exploitpack1nmap1kitploit2