Red Hat JBoss: CVE-2010-1429: A remote attacker could acquire details about deployed web contexts
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | April 28, 2010 | August 01, 2017 | August 01, 2017 |
Description
Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.
References
- BID-39710
- CVE-2010-1429
- REDHAT-RHSA-2010:0376
- REDHAT-RHSA-2010:0377
- REDHAT-RHSA-2010:0378
- REDHAT-RHSA-2010:0379
- URL: http://marc.info/?l=bugtraq&m=132698550418872&w=2
- URL: http://securitytracker.com/id?1023918
- URL: http://www.securityfocus.com/bid/39710
- URL: http://www.vupen.com/english/advisories/2010/0992
- URL: http://xforce.iss.net/xforce/xfdb/58149
- URL: https://bugzilla.redhat.com/show_bug.cgi?id=585900
- URL: https://rhn.redhat.com/errata/RHSA-2010-0376.html
- URL: https://rhn.redhat.com/errata/RHSA-2010-0377.html
- URL: https://rhn.redhat.com/errata/RHSA-2010-0378.html
- URL: https://rhn.redhat.com/errata/RHSA-2010-0379.html
- XF-58149
Solution
jboss_enterprise_application_platform-cve-2010-1429-1
Related Vulnerabilities
- RHSA-2010:0376: JBoss Enterprise Application Platform 4.2.0.CP09 update
- JBoss deployed web contexts information disclosure vulnerability
- RHSA-2010:0378: JBoss Enterprise Application Platform 4.2.0.CP09 update
- RHSA-2010:0379: JBoss Enterprise Application Platform 4.3.0.CP08 update
- JBoss web console incomplete security restraints information disclosure vulnerability
- Red Hat JBoss: CVE-2010-1428: A remote attacker could gain access to sensitive information.
- JBoss JMX-Console incomplete security restraints access vulnerability
- RHSA-2010:0377: JBoss Enterprise Application Platform 4.3.0.CP08 update
- Red Hat JBoss: CVE-2010-0738: Remote attackers can send requests to the application's GET handler by using a different method.