CVE-2010-1428
PUBLISHED
KEV
CVSS 5 MEDIUM
The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.
Risk Scores
- CVSS 2.0: 5
- EPSS Score: 67.61% (98.6th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| redhat | jboss_enterprise_application_platform | 4.2.0, 4.3.0, 4.2.0 |
Exploit Intelligence
- secretnonempty/CVE-2014-0224 (github-poc)
- ssllabs/openssl-ccs-cve-2014-0224 (github-poc)
…and 87 more exploits
Timeline
- Apr 28, 2010 CVE Published
- Mar 25, 2016 VulnCheck KEV Exploitation
- Mar 28, 2018 VulnCheck KEV Exploitation
- May 2, 2018 VulnCheck KEV Exploitation
- May 15, 2018 VulnCheck KEV Exploitation
- May 29, 2018 PoC Published
- Sep 1, 2019 VulnCheck KEV Exploitation
- Feb 11, 2021 VulnCheck KEV Exploitation
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 25, 2022 CISA KEV Added
- Jul 12, 2022 EPSS Score
References
- RHSA-2010:0379 vendor-advisory
- RHSA-2010:0378 vendor-advisory
- jboss-webconsole-information-disclosure(58148) vdb
- HPSBMU02736 vendor-advisory
- RHSA-2010:0376 vendor-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=585899 url
- RHSA-2010:0377 vendor-advisory
- ADV-2010-0992 vdb
- 1023917 vdb
- 39710 vdb
- 39563 third-party-advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-1428 url
- https://nvd.nist.gov/vuln/detail/CVE-2010-1428 advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10659&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10627&cat=SIRT_1&actp=LIST advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10625 advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10627 advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10624 advisory
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10626 advisory
…and 1 more