PT-2010-1180 · Red Hat · Red Hat JBoss Enterprise Application Platform

Marc Schoenefeld · Published 2010-04-26 · Updated 2025-04-03 · CVE-2010-1428

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Red Hat JBoss Enterprise Application Platform versions 4.2 through 4.2.0.CP08
Red Hat JBoss Enterprise Application Platform versions 4.3 through 4.3.0.CP07

Description

The issue is related to insufficient access control in the Web Console of JBoss Enterprise Application Platform, which can be exploited by a remote attacker to obtain sensitive information. This can be achieved by sending a specially crafted request using a method other than GET or POST.

Recommendations

For Red Hat JBoss Enterprise Application Platform versions 4.2 through 4.2.0.CP08, update to version 4.2.0.CP09 or later.
For Red Hat JBoss Enterprise Application Platform versions 4.3 through 4.3.0.CP07, update to version 4.3.0.CP08 or later.
As a temporary workaround, consider restricting access to the Web Console to minimize the risk of exploitation.

Weakness Enumeration

Related Identifiers

BDU:2022-05191
CVE-2010-1428
RHSA-2010:0376
RHSA-2010:0377
RHSA-2010:0378
RHSA-2010:0379

Affected Products

Red Hat JBoss Enterprise Application Platform