CVEブラウザに戻る

CVE-2010-1428

Known Exploited (CISA KEV)HIGH

7.5

CVSS Severity Score

EPSS Score27.5320%

EPSS Percentile88.67th

Published2010年4月28日

Last Modified2026年4月22日

Vulnerability Description

The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.

Affected Platforms (CPE)

📦

Redhat

Jboss Enterprise Application Platform

= 4.2.0

📦

Redhat

Jboss Enterprise Application Platform

= 4.3.0

References & Advisories

🔗 http://marc.info/?l=bugtraq&m=132698550418872&w=2

🔗 http://secunia.com/advisories/39563

🔗 http://securitytracker.com/id?1023917

🔗 http://www.securityfocus.com/bid/39710

🔗 http://www.vupen.com/english/advisories/2010/0992

🔗 https://bugzilla.redhat.com/show_bug.cgi?id=585899

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/58148

🔗 https://rhn.redhat.com/errata/RHSA-2010-0376.html

関連する脆弱性情報

CVE-2017-121499.8

In Jboss Application Server as shipped with Red Hat Enterprise Application Platform 5.2, it was found that the doFilter method in ...

CVE-2015-75019.8

Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data Grid (JDG) 6.x; Data Virtualization (JDV) 6.x and 5.x; Enterp...

CVE-2014-54019.8

Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that ...

CVE-2010-18718.8

JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, does not properly sanitize i...