CVEブラウザに戻る

CVE-2010-0738

Known Exploited (CISA KEV)MEDIUM

5.3

CVSS Severity Score

EPSS Score81.2190%

EPSS Percentile98.39th

Published2010年4月28日

Last Modified2026年4月22日

Vulnerability Description

The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.

Affected Platforms (CPE)

📦

Redhat

Jboss Enterprise Application Platform

= 4.2.0

📦

Redhat

Jboss Enterprise Application Platform

= 4.3.0

References & Advisories

🔗 http://marc.info/?l=bugtraq&m=132129312609324&w=2

🔗 http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35

🔗 http://secunia.com/advisories/39563

🔗 http://securityreason.com/securityalert/8408

🔗 http://securitytracker.com/id?1023918

🔗 http://www.securityfocus.com/bid/39710

🔗 http://www.vupen.com/english/advisories/2010/0992

🔗 https://bugzilla.redhat.com/show_bug.cgi?id=574105

関連する脆弱性情報

CVE-2015-75019.8

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterp...

CVE-2017-121499.8

In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in ...

CVE-2014-54019.8

Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that ...

CVE-2010-18718.8

JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize i...