CVE-2010-1428

Summary

The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.
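The failure mode described above is the classic one for servlet `<security-constraint>` declarations: when a constraint lists `<http-method>` elements, only those methods are covered, and a request using any other method (HEAD, PUT, OPTIONS, ...) matches no constraint and is let through unauthenticated. The script below is an added example, not code from JBoss or from the advisory; it assumes the console's protection is expressed as a web.xml security constraint, and the web.xml fragment, the `JBossAdmin` role name and the `/index.html` path are constructed for illustration. It parses a constraint set, evaluates which methods reach a path without any role, and lints for method-scoped constraints, showing the vulnerable shape beside the corrected one (all `<http-method>` elements removed).

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List

# Constructed web.xml fragment in the vulnerable shape: the constraint lists
# only GET and POST, so every other method falls outside it. Not JBoss's file.
WEB_XML_VULNERABLE = """<?xml version="1.0" encoding="UTF-8"?>
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>ConsoleAccess</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <role-name>JBossAdmin</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>
"""

# Hardened shape: with no <http-method> elements the constraint applies to
# every method (servlet-spec semantics for an empty method list).
WEB_XML_HARDENED = WEB_XML_VULNERABLE.replace(
    "      <http-method>GET</http-method>\n"
    "      <http-method>POST</http-method>\n", "")

METHODS = ("GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS", "TRACE")


@dataclass(frozen=True)
class SecurityConstraint:
    url_patterns: FrozenSet[str]
    http_methods: FrozenSet[str]   # empty set means "all methods"
    roles: FrozenSet[str]


def _local(tag: str) -> str:
    """Strip an XML namespace prefix, so namespaced and DTD-style files both parse."""
    return tag.rsplit("}", 1)[-1]


def parse_constraints(web_xml: str) -> List[SecurityConstraint]:
    """Collect every <security-constraint> into a SecurityConstraint record."""
    root = ET.fromstring(web_xml)
    out = []
    for sc in root.iter():
        if _local(sc.tag) != "security-constraint":
            continue
        patterns, methods, roles = set(), set(), set()
        for el in sc.iter():
            name, text = _local(el.tag), (el.text or "").strip()
            if name == "url-pattern":
                patterns.add(text)
            elif name == "http-method":
                methods.add(text.upper())
            elif name == "role-name":
                roles.add(text)
        out.append(SecurityConstraint(frozenset(patterns), frozenset(methods), frozenset(roles)))
    return out


def _pattern_matches(pattern: str, path: str) -> bool:
    """Servlet-style matching: '/prefix/*' path prefixes or an exact path."""
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    return path == pattern


def is_authorized(constraints: Iterable[SecurityConstraint], path: str,
                  method: str, user_roles: Iterable[str]) -> bool:
    """A request matching no constraint is unconstrained (the servlet-spec
    default); that gap is exactly what a method-scoped constraint leaves open."""
    applicable = [c for c in constraints
                  if any(_pattern_matches(p, path) for p in c.url_patterns)
                  and (not c.http_methods or method.upper() in c.http_methods)]
    if not applicable:
        return True
    return any(c.roles & frozenset(user_roles) for c in applicable)


def unprotected_methods(web_xml: str, path: str = "/index.html") -> List[str]:
    """Methods a request with no role at all may use to reach `path`."""
    cs = parse_constraints(web_xml)
    return [m for m in METHODS if is_authorized(cs, path, m, ())]


def lint_method_scoped_constraints(web_xml: str) -> List[SecurityConstraint]:
    """Flag constraints that list http-method elements: the unlisted methods
    are not protected by them. An empty result means nothing to flag."""
    return [c for c in parse_constraints(web_xml) if c.http_methods]


if __name__ == "__main__":
    print("vulnerable, reachable without a role:", unprotected_methods(WEB_XML_VULNERABLE))
    print("hardened,   reachable without a role:", unprotected_methods(WEB_XML_HARDENED))
    print("constraints to review:", lint_method_scoped_constraints(WEB_XML_VULNERABLE))
```

The lint is the check to run over a deployment's web.xml files: any `<security-constraint>` that names specific methods deserves a second look, and dropping the `<http-method>` elements is the usual fix. Containers implementing Servlet 3.1 or later additionally accept `<deny-uncovered-http-methods/>`, which makes the container reject methods a constraint does not cover instead of letting them through.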

Severity
Medium
Severity Score

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-ID

CWE-264

References

http://www.securityfocus.com/bid/39710
https://bugzilla.redhat.com/show_bug.cgi?id=585899
https://rhn.redhat.com/errata/RHSA-2010-0376.html
http://secunia.com/advisories/39563
http://www.vupen.com/english/advisories/2010/0992
https://rhn.redhat.com/errata/RHSA-2010-0378.html
https://rhn.redhat.com/errata/RHSA-2010-0379.html
https://rhn.redhat.com/errata/RHSA-2010-0377.html
http://securitytracker.com/id?1023917
http://marc.info/?l=bugtraq&m=132698550418872&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/58148

Mitigation and Patches

Exploits

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/jboss_vulnscan.rb
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://news.sophos.com/en-us/2018/05/02/shutting-out-samsam-ransomware/

Metasploit Payload

https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/jboss_vulnscan.rb
