CVE-2010-1428
Severity: HIGH | KEV | Ransomware
Red Hat JBoss EAP/JBEAP <4.2.0.CP09 / <4.3.0.CP08 - Info Disclosure
Title source: LLM

Exploitation Summary
CVE-2010-1428 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 25, 2022, with confirmed use in ransomware campaigns.
EIP tracks 1 public exploit, from researchers Tyler Krpata and Zach Grace <@ztgrace>: the Metasploit module auxiliary/scanner/http/jboss_vulnscan.

AI-analyzed exploit summary
This Metasploit module scans JBoss instances for multiple vulnerabilities, including CVE-2010-1428, by checking for unauthenticated access to specific endpoints and testing for HTTP verb tampering to bypass authentication. It does not exploit the vulnerabilities; it only detects their presence.
Description
The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.
Exploits (1)
auxiliary/scanner/http/jboss_vulnscan (Metasploit; Tyler Krpata, Zach Grace <@ztgrace>): scans JBoss instances for multiple vulnerabilities, including CVE-2010-1428, by checking for unauthenticated access to specific endpoints and testing for HTTP verb tampering to bypass authentication. It does not exploit the vulnerabilities; it only detects their presence.
References (12)
Scores
CVSS 3.1 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N