VRDA Feed : Provides information for vulnerability impact analysis

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-1428

jboss_enterprise_application_platform: The Web Console (aka web-console) in JBossAs in Red...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1428

Original

The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-04-28

Source Information Category:

Advisory, Alert

Last Updated:

2010-04-29

Affected Product Tags

cpe:/a:redhat:jboss_enterprise_application_platform:4.2

cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp01

cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp02

cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp03

cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp04

cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp05

cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp06

cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp07

cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp08 and previous versions

cpe:/a:redhat:jboss_enterprise_application_platform:4.3

cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0:cp01

cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0:cp02

cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0:cp03

cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0:cp04

cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0:cp05

cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0:cp06

cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0:cp07 and previous versions

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

BID 39710

CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=585899

REDHAT RHSA-2010:0379

REDHAT RHSA-2010:0378

REDHAT RHSA-2010:0377

REDHAT RHSA-2010:0376

SECTRACK 1023917

SECUNIA 39563

VUPEN ADV-2010-0992

Vulnerability Type Permissions, Privileges, and Access Control (CWE-264)

XF jboss-webconsole-information-disclosure(58148)