CVE-2010-1428

HIGH KEV RANSOMWARE

Red Hat JBoss EAP/JBEAP <4.2.0.CP09-4.3.0.CP08 - Info Disclosure

Description

The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.

Scores

CVSS v3: 7.5
EPSS: 0.6761
EPSS Percentile: 98.6%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CISA KEV: 2022-05-25
VulnCheck KEV: 2016-03-25
InTheWild.io: 2018-05-02
ENISA EUVD: EUVD-2010-1456
Ransomware Use: Confirmed
CWE: CWE-749
Status: published
Products (2):
redhat/jboss_enterprise_application_platform 4.2.0
redhat/jboss_enterprise_application_platform 4.3.0
Published: Apr 28, 2010
KEV Added: May 25, 2022
Tracked Since: Feb 18, 2026