VRDA Feed : Provides information for vulnerability impact analysis

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-0738

jboss_enterprise_application_platform: The JMX-Console web application in JBossAs in Red H...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0738

Original

The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-04-28

Source Information Category:

Advisory, Alert

Last Updated:

2010-04-29

Affected Product Tags

cpe:/a:redhat:jboss_enterprise_application_platform:4.2

cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp01

cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp02

cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp03

cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp04

cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp05

cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp06

cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp07

cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp08

cpe:/a:redhat:jboss_enterprise_application_platform:4.3

cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0:cp01

cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0:cp02

cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0:cp03

cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0:cp04

cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0:cp05

cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0:cp06

cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0:cp07

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

BID 39710

CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=574105

REDHAT RHSA-2010:0379

REDHAT RHSA-2010:0378

REDHAT RHSA-2010:0377

REDHAT RHSA-2010:0376

SECTRACK 1023918

SECUNIA 39563

VUPEN ADV-2010-0992

Vulnerability Type Permissions, Privileges, and Access Control (CWE-264)

XF jboss-jmxconsole-security-bypass(58147)