VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2010-1429
jboss_enterprise_application_platform: Red Hat JBoss Enterprise Application Platform (aka ...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1429

Original

Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-04-28
Source Information Category:
Advisory, Alert
Last Updated:
2010-04-29




Affected Product Tags
cpe:/a:redhat:jboss_enterprise_application_platform:4.2
cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp01
cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp02
cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp03
cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp04
cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp05
cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp06
cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp07
cpe:/a:redhat:jboss_enterprise_application_platform:4.2.0:cp08 and previous versions
cpe:/a:redhat:jboss_enterprise_application_platform:4.3
cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0:cp01
cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0:cp02
cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0:cp03
cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0:cp04
cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0:cp05
cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0:cp06
cpe:/a:redhat:jboss_enterprise_application_platform:4.3.0:cp07 and previous versions
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

Local [?]
Adjacent Network [?]
X Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
Medium [?]
X Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

None [?]
X Partial [?]
Complete [?]
[Integrity Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
[Availability Impact]  [?]
Undefined [?]

X None [?]
Partial [?]
Complete [?]
Alternatives




References
BID 39710




CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=585900




REDHAT RHSA-2010:0379




REDHAT RHSA-2010:0378




REDHAT RHSA-2010:0377




REDHAT RHSA-2010:0376




SECTRACK 1023918




SECUNIA 39563




VUPEN ADV-2010-0992




Vulnerability Type Permissions, Privileges, and Access Control (CWE-264)




XF jboss-status-servlet-information-disclosure(58149)




Copyright © 2010 JPCERT/CC All Rights Reserved.