CyberSec.Space Logo
Back to CVE Browser

CVE-2010-1428

Known Exploited (CISA KEV)HIGH
7.5
CVSS Severity Score
EPSS Score27.5320%
EPSS Percentile88.67th
PublishedApr 28, 2010
Last ModifiedApr 22, 2026

Vulnerability Description

The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.

Affected Platforms (CPE)

πŸ“¦
Redhat

Jboss Enterprise Application Platform

= 4.2.0
πŸ“¦
Redhat

Jboss Enterprise Application Platform

= 4.3.0

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=132698550418872&w=2
πŸ”— http://secunia.com/advisories/39563
πŸ”— http://securitytracker.com/id?1023917
πŸ”— http://www.securityfocus.com/bid/39710
πŸ”— http://www.vupen.com/english/advisories/2010/0992
πŸ”— https://bugzilla.redhat.com/show_bug.cgi?id=585899
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/58148
πŸ”— https://rhn.redhat.com/errata/RHSA-2010-0376.html

Related Vulnerabilities

CVE-2017-121499.8

In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in ...

CVE-2015-75019.8

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterp...

CVE-2014-54019.8

Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that ...

CVE-2010-18718.8

JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize i...