PT-2010-1180 · Red Hat · Red Hat Jboss Enterprise Application Platform

Marc Schoenefeld

Published

2010-04-26

Updated

2025-04-03

CVE-2010-1428

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Red Hat JBoss Enterprise Application Platform versions 4.2 through 4.2.0.CP08 Red Hat JBoss Enterprise Application Platform versions 4.3 through 4.3.0.CP07

Description The issue is related to insufficient access control in the Web Console of JBoss Enterprise Application Platform, which can be exploited by a remote attacker to obtain sensitive information. This can be achieved by sending a specially crafted request using a method other than GET or POST.

Recommendations For Red Hat JBoss Enterprise Application Platform versions 4.2 through 4.2.0.CP08, update to version 4.2.0.CP09 or later. For Red Hat JBoss Enterprise Application Platform versions 4.3 through 4.3.0.CP07, update to version 4.3.0.CP08 or later. As a temporary workaround, consider restricting access to the Web Console to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-749CWE-264

Related Identifiers

BDU:2022-05191

CVE-2010-1428

RHSA-2010:0376

RHSA-2010:0377

RHSA-2010:0378

RHSA-2010:0379

Affected Products

Red Hat Jboss Enterprise Application Platform

PT-2010-1180 · Red Hat · Red Hat Jboss Enterprise Application Platform

CVE-2010-1428

Weakness Enumeration

Related Identifiers

Affected Products

References · 22