PT-2010-3122 · Red Hat · Red Hat JBoss Enterprise Application Platform

Marc Schoenefeld

·

Published

2010-04-28

·

Updated

2023-02-13

·

CVE-2010-1429

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Red Hat JBoss Enterprise Application Platform 4.2 before 4.2.0.CP09
Red Hat JBoss Enterprise Application Platform 4.3 before 4.3.0.CP08

Description

The status servlet shipped with the platform answers requests from unauthenticated remote clients (CVSS Au:N, AV:N) and discloses information about the web contexts deployed on the server. Adding the query string full=true to the request returns the full listing. The impact is limited to information disclosure (C:P); integrity and availability are not affected.

Recommendations

For Red Hat JBoss Enterprise Application Platform 4.2 before 4.2.0.CP09, update to 4.2.0.CP09 or later. For Red Hat JBoss Enterprise Application Platform 4.3 before 4.3.0.CP08, update to 4.3.0.CP08 or later. Until the update is applied, restrict access to the status servlet (require authentication for it, or remove its mapping entirely if it is not needed) and confirm afterwards that an unauthenticated request for it no longer returns a 200 response.
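One concrete form of the "restrict access to the status servlet" workaround, added here as an example; it is not taken from the advisory or from Red Hat's own documentation. It is a declarative security constraint for the deployment descriptor of the ROOT.war that carries the status servlet in JBoss EAP 4.x. The descriptor path (server/<profile>/deploy/jboss-web.deployer/ROOT.war/WEB-INF/web.xml), the /status URL pattern and the JBossAdmin role name are assumptions to be checked against the local installation, and mapping the role to real principals requires a security domain referenced from WEB-INF/jboss-web.xml, which is not shown.

```xml
<!-- Added example (not from the advisory): fragment to add inside <web-app>
     of ROOT.war/WEB-INF/web.xml on JBoss EAP 4.2/4.3.
     Assumptions: the status servlet is mapped at /status and a security
     domain that knows the JBossAdmin role is configured in jboss-web.xml. -->

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Status servlet</web-resource-name>
    <!-- Cover the servlet and any sub-path, so /status?full=true,
         /status/ and similar variants all fall under the constraint. -->
    <url-pattern>/status</url-pattern>
    <url-pattern>/status/*</url-pattern>
    <!-- No <http-method> elements on purpose: per the Servlet
         specification the constraint then applies to every method.
         Listing only GET would leave HEAD, POST and others unprotected. -->
  </web-resource-collection>
  <auth-constraint>
    <!-- Only principals holding this role may reach the servlet. -->
    <role-name>JBossAdmin</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- Credentials for the status page should not travel in clear text. -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>

<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>JBoss Status Servlet</realm-name>
</login-config>

<security-role>
  <role-name>JBossAdmin</role-name>
</security-role>
```

After redeploying, an unauthenticated request for the status servlet with full=true should be answered with 401 (or a redirect to HTTPS because of the CONFIDENTIAL transport guarantee) instead of 200. If the status page is not needed at all, deleting the servlet's <servlet> and <servlet-mapping> elements from the same descriptor is the simpler and stricter alternative.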

Related Identifiers

CVE-2010-1429
RHSA-2010:0376
RHSA-2010:0377
RHSA-2010:0378
RHSA-2010:0379

Affected Products

Red Hat JBoss Enterprise Application Platform