CVE-2010-0738
MEDIUM | CISA KEV | 5.3
Description
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.
CVE details
CVSS v3.1 score: 5.3
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 4/28/2010
Last modified: 4/22/2026
Source: kev
Honeypot sightings: 0
CISA KEV
Vendor: Red Hat
Product: JBoss
Vulnerability name: Red Hat JBoss Authentication Bypass Vulnerability
Date added to KEV: 2022-05-25
Remediation due date: 2022-06-15
Ransomware use: Known
Affected products
redhat:jboss_enterprise_application_platform
Weaknesses (CWE)
CWE-749
References
http://marc.info/?l=bugtraq&m=132129312609324&w=2 (secalert@redhat.com)
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35 (secalert@redhat.com)
http://secunia.com/advisories/39563 (secalert@redhat.com)
http://securityreason.com/securityalert/8408 (secalert@redhat.com)
http://securitytracker.com/id?1023918 (secalert@redhat.com)
http://www.securityfocus.com/bid/39710 (secalert@redhat.com)
http://www.vupen.com/english/advisories/2010/0992 (secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=574105 (secalert@redhat.com)
https://exchange.xforce.ibmcloud.com/vulnerabilities/58147 (secalert@redhat.com)
https://rhn.redhat.com/errata/RHSA-2010-0376.html (secalert@redhat.com)
https://rhn.redhat.com/errata/RHSA-2010-0377.html (secalert@redhat.com)
https://rhn.redhat.com/errata/RHSA-2010-0378.html (secalert@redhat.com)
https://rhn.redhat.com/errata/RHSA-2010-0379.html (secalert@redhat.com)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-0738 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.