GSD-2010-1428
PUBLISHED
CVSS 7.5 HIGH
The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.
Risk Scores
CVSS 3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
Exploit Intelligence
- secretnonempty/CVE-2014-0224 (github-poc)
- ssllabs/openssl-ccs-cve-2014-0224 (github-poc)
- Used for evaluating hosts for CVE-2014-0224 (github-poc)
- iph0n3/CVE-2014-0224 (github-poc)
- This script is designed for detection of vulnerable servers (CVE-2014-0224.) in a wide range of configurations. It attempts to negotiate using each affected protocol version (SSLv3, TLSv1, TLSv1.1, and TLSv1.2) advertising a comprehensive set of ciphers. (github-poc)
- Exploit for cve-2013-0169 (github-poc)
- JBoss Autopwn CVE-2010-0738 JBoss authentication bypass (github-poc)
- JBoss Autopwn as featured at BlackHat Europe 2010 - this version incorporates CVE-2010-0738 the JBoss authentication bypass VERB manipulation vulnerability as discovered by Minded Security (github-poc)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-1428 (circl)
- https://bugzilla.redhat.com/show_bug.cgi?id=585899 (circl)
…and 17 more exploits
Timeline
- Feb 12, 2008 CVE Published
- May 29, 2018 PoC Published
- Jun 14, 2023 PoC Published
- Dec 24, 2024 PoC Published
- Feb 6, 2025 PoC Published
- Feb 23, 2025 PoC Published
- Feb 23, 2025 PoC Published
- Feb 2, 2026 PoC Published
References
- RHSA-2010:0379 vendor-advisory
- RHSA-2010:0378 vendor-advisory
- jboss-webconsole-information-disclosure(58148) vdb
- HPSBMU02736 vendor-advisory
- RHSA-2010:0376 vendor-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=585899 url
- RHSA-2010:0377 vendor-advisory
- ADV-2010-0992 vdb
- 1023917 vdb
- 39710 vdb
- 39563 third-party-advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-1428 advisory