Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusTenable5521.PRM
HistoryApr 29, 2010 - 12:00 a.m.

JBoss EAP < 4.2.0.CP09 / 4.3.0.CP08 Multiple Vulnerabilities

2010-04-2900:00:00
Tenable
www.tenable.com
98

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.974 High

EPSS

Percentile

99.9%

JSON

The remote host is running JBoss Enterprise Application Platform (JBEAP) < 4.2.0.CP09 / 4.3.0.CP08. Such versions are potentially affected by multiple vulnerabilities.

  • The JMX Console configuration only specified an authentication requirement for requests that used the GET and POST HTTP ‘verbs’. A remote attacker could create an HTTP request that does not specify GET or POST, causing it to be executed by the default GET handler without authentication. (CVE-2010-0738)

  • It is possible to bypass authentication for /web-console by specifying a HTTP method other than GET or POST. (CVE-2010-1428)

  • An information disclosure vulnerability that allows attackers to acquired details about deployed web contexts. (CVE-2010-1429)

Binary data 5521.prm
VendorProductVersionCPE
redhatjboss_enterprise_application_platformcpe:/a:redhat:jboss_enterprise_application_platform

Related

openvas 2
nessus 9
seebug 4
redhat 1
securityvulns 8
attackerkb 3
prion 5
cvelist 5
packetstorm 4
veracode 3
cisa_kev 2
saint 4
cve 5
canvas 1
threatpost 2
nvd 5
metasploit 1
exploitdb 5
zdt 1
checkpoint_advisories 1
nuclei 1
exploitpack 1
nmap 1
kitploit 2
openvas
openvas
Red Hat JBoss Products Multiple Vulnerabilities (jmx-console) - Active Check
2010-04-28 00:00:00
Red Hat JBoss Products Multiple Vulnerabilities (status page) - Active Check
2011-09-16 00:00:00
nessus
nessus
RHEL 4 : JBoss EAP (RHSA-2010:0376)
2013-01-24 00:00:00
RHEL 5 : JBoss EAP (RHSA-2010:0379)
2013-01-24 00:00:00
RHEL 5 : JBoss EAP (RHSA-2010:0378)
2013-01-24 00:00:00
seebug
seebug
JBoss企业应用平台多个非授权访问漏洞
2010-04-29 00:00:00
JBoss addURL Misconfiguration Attack
2011-10-05 00:00:00
JBoss JMX Console Beanshell Deployer WAR upload and deployment
2014-07-01 00:00:00
redhat
redhat
(RHSA-2010:0379) Critical: JBoss Enterprise Application Platform 4.3.0.CP08 update
2010-04-27 00:00:00
securityvulns
securityvulns
[security bulletin] HPSBMU02736 SSRT100699 rev.1 - HP Business Availability Center &#40;BAC&#41; and Business Service Management &#40;BSM&#41;, Remote Unauthorized Access to Sensitive Information
2012-01-21 00:00:00
Business Availability Center / Business Service Management information leakage
2012-01-21 00:00:00
[security bulletin] HPSBMU02714 SSRT100244 rev.2 - HP Network Node Manager i &#40;NNMi&#41; for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information
2011-11-21 00:00:00
attackerkb
attackerkb
CVE-2010-0738
2010-04-28 00:00:00
CVE-2010-1428
2010-04-28 00:00:00
CVE-2013-4810
2013-09-16 00:00:00
prion
prion
Input validation
2010-04-28 22:30:00
Input validation
2010-04-28 22:30:00
Authentication flaw
2012-11-23 20:55:00
cvelist
cvelist
CVE-2010-0738
2010-04-28 22:00:00
CVE-2010-1428
2010-04-28 22:00:00
CVE-2011-4085
2012-11-23 20:00:00
packetstorm
packetstorm
JBoss addURL Misconfiguration Attack
2011-10-03 00:00:00
JBoss JMX Console Beanshell Deployer WAR Upload And Deployment
2010-06-24 00:00:00
JBoss 4.2.x / 4.3.x Information Disclosure
2018-02-09 00:00:00
veracode
veracode
Information Disclosure
2020-04-10 00:42:53
Information Disclosure
2020-04-10 00:42:54
Information Disclosure
2020-04-10 00:42:54
cisa_kev
cisa_kev
Red Hat JBoss Authentication Bypass Vulnerability
2022-05-25 00:00:00
Red Hat JBoss Information Disclosure Vulnerability
2022-05-25 00:00:00
saint
saint
RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass
2010-06-07 00:00:00
RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass
2010-06-07 00:00:00
RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass
2010-06-07 00:00:00
cve
cve
CVE-2010-0738
2010-04-28 22:30:00
CVE-2010-1428
2010-04-28 22:30:00
CVE-2010-1429
2010-04-28 22:30:00
canvas
canvas
Immunity Canvas: JBOSS_JMXCONSOLE_DEPLOYER
2010-04-28 22:30:00
threatpost
threatpost
JBoss Worm Exploiting Old Bug to Infect Unpatched Servers
2011-10-21 11:50:17
3.2 Million Servers Vulnerable to JBoss Attack
2016-04-18 14:11:34
nvd
nvd
CVE-2010-0738
2010-04-28 22:30:00
CVE-2010-1428
2010-04-28 22:30:00
CVE-2010-1429
2010-04-28 22:30:00
metasploit
metasploit
JBoss JMX Console Deployer Upload and Execute
2012-07-10 17:33:28
exploitdb
exploitdb
JBoss 4.2.x/4.3.x - Information Disclosure
2018-02-10 00:00:00
JBoss JMX - Console Deployer Upload and Execute (Metasploit)
2010-10-19 00:00:00
JBoss JMX - Console Beanshell Deployer WAR Upload and Deployment (Metasploit)
2011-01-10 00:00:00
zdt
zdt
JBoss 4.2.x/4.3.x - Information Disclosure Exploit
2018-02-10 00:00:00
checkpoint_advisories
checkpoint_advisories
RedHat JBoss Enterprise JMX Console Authentication Bypass (CVE-2010-0738)
2010-06-29 00:00:00
nuclei
nuclei
Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure
2023-01-18 06:55:26
exploitpack
exploitpack
Hewlett-Packard (HP) UCMDB - JMX-Console Authentication Bypass
2015-02-03 00:00:00
nmap
nmap
http-vuln-cve2010-0738 NSE Script
2012-09-07 23:42:39
kitploit
kitploit
clusterd - Application Server Attack Toolkit
2017-09-25 21:04:00
Vulmap - Web Vulnerability Scanning And Verification Tools
2020-12-25 11:30:00

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.974 High

EPSS

Percentile

99.9%

JSON
Related for 5521.PRM
openvas2nessus9seebug4redhat1securityvulns8attackerkb3prion5cvelist5packetstorm4veracode3cisa_kev2saint4cve5canvas1threatpost2nvd5metasploit1exploitdb5zdt1checkpoint_advisories1nuclei1exploitpack1nmap1kitploit2