← Zuruck zu CVEs
CVE-2010-0738
MEDIUMCISA KEV5.3
Beschreibung
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.
CVE Details
CVSS v3.1 Bewertung5.3
SchweregradMEDIUM
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht4/28/2010
Zuletzt geandert4/22/2026
Quellekev
Honeypot-Sichtungen0
CISA KEV
HerstellerRed Hat
ProduktJBoss
SchwachstellennameRed Hat JBoss Authentication Bypass Vulnerability
KEV Aufnahmedatum2022-05-25
Behebungsfrist2022-06-15
Ransomware-NutzungKnown
Betroffene Produkte
redhat:jboss_enterprise_application_platform
Schwachen (CWE)
CWE-749
Referenzen
http://marc.info/?l=bugtraq&m=132129312609324&w=2(secalert@redhat.com)
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35(secalert@redhat.com)
http://secunia.com/advisories/39563(secalert@redhat.com)
http://securityreason.com/securityalert/8408(secalert@redhat.com)
http://securitytracker.com/id?1023918(secalert@redhat.com)
http://www.securityfocus.com/bid/39710(secalert@redhat.com)
http://www.vupen.com/english/advisories/2010/0992(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=574105(secalert@redhat.com)
https://exchange.xforce.ibmcloud.com/vulnerabilities/58147(secalert@redhat.com)
https://rhn.redhat.com/errata/RHSA-2010-0376.html(secalert@redhat.com)
https://rhn.redhat.com/errata/RHSA-2010-0377.html(secalert@redhat.com)
https://rhn.redhat.com/errata/RHSA-2010-0378.html(secalert@redhat.com)
https://rhn.redhat.com/errata/RHSA-2010-0379.html(secalert@redhat.com)
http://marc.info/?l=bugtraq&m=132129312609324&w=2(af854a3a-2127-422b-91ae-364da2661108)
http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/39563(af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/securityalert/8408(af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1023918(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/39710(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/0992(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=574105(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/58147(af854a3a-2127-422b-91ae-364da2661108)
https://rhn.redhat.com/errata/RHSA-2010-0376.html(af854a3a-2127-422b-91ae-364da2661108)
https://rhn.redhat.com/errata/RHSA-2010-0377.html(af854a3a-2127-422b-91ae-364da2661108)
https://rhn.redhat.com/errata/RHSA-2010-0378.html(af854a3a-2127-422b-91ae-364da2661108)
https://rhn.redhat.com/errata/RHSA-2010-0379.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-0738(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Korrelationen
Keine Korrelationen erfasst
This product uses data from the NVD API but is not endorsed or certified by the NVD.