CVE-2010-1428

KEV

🔴 Łataj teraz

Brak kontroli dostępu w JBoss EAP umożliwia uzyskanie poufnych informacji przez atakujących.

CVSS

7.5

EPSS

67.6%

Exploit

weaponized

Vendor

redhat

Opis źródłowy (NVD)

The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.

exploit Brak patcha

Źródła i daty

Źródło	Wartość
NVD – CVSS	7.5
CISA KEV (aktywnie wykorzystywane)	Tak
FIRST EPSS (prawdopodobieństwo exploita)	67.6%
Opublikowano (NVD)	2010-04-28 22:30:00 UTC
Ostatnia modyfikacja (NVD)	2026-04-22 14:37:55 UTC

Referencje

http://marc.info/?l=bugtraq&m=132698550418872&w=2 (secalert@redhat.com) [Exploit, Mailing List]
http://secunia.com/advisories/39563 (secalert@redhat.com) [Broken Link, Vendor Advisory]
http://securitytracker.com/id?1023917 (secalert@redhat.com) [Broken Link, Third Party Advisory, VDB Entry]
http://www.securityfocus.com/bid/39710 (secalert@redhat.com) [Broken Link, Third Party Advisory, VDB Entry]
http://www.vupen.com/english/advisories/2010/0992 (secalert@redhat.com) [Broken Link, Vendor Advisory]
https://bugzilla.redhat.com/show_bug.cgi?id=585899 (secalert@redhat.com) [Issue Tracking]
https://exchange.xforce.ibmcloud.com/vulnerabilities/58148 (secalert@redhat.com) [Third Party Advisory, VDB Entry]
https://rhn.redhat.com/errata/RHSA-2010-0376.html (secalert@redhat.com) [Broken Link, Vendor Advisory]
https://rhn.redhat.com/errata/RHSA-2010-0377.html (secalert@redhat.com) [Broken Link]
https://rhn.redhat.com/errata/RHSA-2010-0378.html (secalert@redhat.com) [Broken Link]
https://rhn.redhat.com/errata/RHSA-2010-0379.html (secalert@redhat.com) [Vendor Advisory]
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-1428 (134c704f-9b21-4f2e-91b3-4a467353bcc0) [Broken Link]