CVSS2: 5 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.974 High (Percentile: 99.9%)

The remote host is running JBoss Enterprise Application Platform (JBEAP) < 4.2.0.CP09 / 4.3.0.CP08. Such versions are potentially affected by multiple vulnerabilities.
The JMX Console configuration only specified an authentication requirement for requests that used the GET and POST HTTP ‘verbs’. A remote attacker could create an HTTP request that does not specify GET or POST, causing it to be executed by the default GET handler without authentication. (CVE-2010-0738)
It is possible to bypass authentication for /web-console by specifying an HTTP method other than GET or POST. (CVE-2010-1428)
An information disclosure vulnerability allows attackers to acquire details about deployed web contexts. (CVE-2010-1429)
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | jboss_enterprise_application_platform | | cpe:/a:redhat:jboss_enterprise_application_platform |