Lucene search

K

AttackerKBAKB:15310691-8F2C-46C8-BEAC-4C3B551AC894

HistoryApr 28, 2010 - 12:00 a.m.

CVE-2010-1428

2010-04-2800:00:00

attackerkb.com

18

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.009 Low

EPSS

Percentile

82.6%

The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.

Recent assessments:

Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0

References

marc.info/?l=bugtraq&m=132698550418872&w=2

marc.info?l=bugtraq&m=132698550418872&w=2

secunia.com/advisories/39563

securitytracker.com/id?1023917

www.securityfocus.com/bid/39710

www.vupen.com/english/advisories/2010/0992

bugzilla.redhat.com/show_bug.cgi?id=585899

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1428

exchange.xforce.ibmcloud.com/vulnerabilities/58148

rhn.redhat.com/errata/RHSA-2010-0376.html

rhn.redhat.com/errata/RHSA-2010-0377.html

rhn.redhat.com/errata/RHSA-2010-0378.html

rhn.redhat.com/errata/RHSA-2010-0379.html

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.009 Low

EPSS

Percentile

82.6%

Related for AKB:15310691-8F2C-46C8-BEAC-4C3B551AC894

nvd1 veracode1 cvelist1 cve1 cisa_kev1 prion1 nessus7 securityvulns4 openvas1 redhat1 seebug1 kitploit1