CyberSec.Space Logo
Back to CVE Browser

CVE-2010-0738

Known Exploited (CISA KEV)MEDIUM
5.3
CVSS Severity Score
EPSS Score81.2190%
EPSS Percentile98.39th
PublishedApr 28, 2010
Last ModifiedApr 22, 2026

Vulnerability Description

The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.

Affected Platforms (CPE)

πŸ“¦
Redhat

Jboss Enterprise Application Platform

= 4.2.0
πŸ“¦
Redhat

Jboss Enterprise Application Platform

= 4.3.0

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=132129312609324&w=2
πŸ”— http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35
πŸ”— http://secunia.com/advisories/39563
πŸ”— http://securityreason.com/securityalert/8408
πŸ”— http://securitytracker.com/id?1023918
πŸ”— http://www.securityfocus.com/bid/39710
πŸ”— http://www.vupen.com/english/advisories/2010/0992
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=574105

Related Vulnerabilities

CVE-2015-75019.8

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterp...

CVE-2017-121499.8

In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in ...

CVE-2014-54019.8

Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that ...

CVE-2010-18718.8

JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize i...