JBoss web console incomplete security restraints information disclosure vulnerability
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | April 28, 2010 | February 03, 2013 | February 13, 2015 |
The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.
- RHSA-2010:0376: JBoss Enterprise Application Platform 4.2.0.CP09 update
- JBoss deployed web contexts information disclosure vulnerability
- RHSA-2010:0378: JBoss Enterprise Application Platform 4.2.0.CP09 update
- RHSA-2010:0379: JBoss Enterprise Application Platform 4.3.0.CP08 update
- Red Hat JBoss: CVE-2010-1428: A remote attacker could gain access to sensitive information.
- Red Hat JBoss: CVE-2010-1429: A remote attacker could acquire details about deployed web contexts
- JBoss JMX-Console incomplete security restraints access vulnerability
- RHSA-2010:0377: JBoss Enterprise Application Platform 4.3.0.CP08 update
- Red Hat JBoss: CVE-2010-0738: Remote attackers can send requests to the application's GET handler by using a different method.