← Back to CVEs
CVE-2010-1428
HIGHCISA KEV7.5
Description
The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.
CVE Details
CVSS v3.1 Score7.5
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published4/28/2010
Last Modified4/22/2026
Sourcekev
Honeypot Sightings0
CISA KEV
VendorRed Hat
ProductJBoss
Vulnerability NameRed Hat JBoss Information Disclosure Vulnerability
KEV Date Added2022-05-25
Remediation Due Date2022-06-15
Ransomware UseKnown
Affected Products
redhat:jboss_enterprise_application_platform
Weaknesses (CWE)
CWE-749
References
http://marc.info/?l=bugtraq&m=132698550418872&w=2(secalert@redhat.com)
http://secunia.com/advisories/39563(secalert@redhat.com)
http://securitytracker.com/id?1023917(secalert@redhat.com)
http://www.securityfocus.com/bid/39710(secalert@redhat.com)
http://www.vupen.com/english/advisories/2010/0992(secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=585899(secalert@redhat.com)
https://exchange.xforce.ibmcloud.com/vulnerabilities/58148(secalert@redhat.com)
https://rhn.redhat.com/errata/RHSA-2010-0376.html(secalert@redhat.com)
https://rhn.redhat.com/errata/RHSA-2010-0377.html(secalert@redhat.com)
https://rhn.redhat.com/errata/RHSA-2010-0378.html(secalert@redhat.com)
https://rhn.redhat.com/errata/RHSA-2010-0379.html(secalert@redhat.com)
http://marc.info/?l=bugtraq&m=132698550418872&w=2(af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/39563(af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1023917(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/39710(af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/0992(af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=585899(af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/58148(af854a3a-2127-422b-91ae-364da2661108)
https://rhn.redhat.com/errata/RHSA-2010-0376.html(af854a3a-2127-422b-91ae-364da2661108)
https://rhn.redhat.com/errata/RHSA-2010-0377.html(af854a3a-2127-422b-91ae-364da2661108)
https://rhn.redhat.com/errata/RHSA-2010-0378.html(af854a3a-2127-422b-91ae-364da2661108)
https://rhn.redhat.com/errata/RHSA-2010-0379.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-1428(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.