CVE-2010-1428

Published: Apr 28, 2010Modified: Apr 22, 2026CISA KEV

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.

Affected (2)

Products: Redhat: Jboss Enterprise Application Platform

1 product

Jboss Enterprise Application Platform

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Jboss Enterprise Application Platform	Version 4.2.0
Redhat Jboss Enterprise Application Platform	Version 4.3.0

Related CWEs

Exposed Dangerous Method or Function

The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted.

References (23)

http://marc.info/?l=bugtraq&m=132698550418872&w=2

Source: secalert@redhat.com

ExploitMailing List

http://secunia.com/advisories/39563

Source: secalert@redhat.com

Broken LinkVendor Advisory

http://securitytracker.com/id?1023917

Source: secalert@redhat.com

Broken LinkThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/39710

Source: secalert@redhat.com

Broken LinkThird Party AdvisoryVDB Entry

http://www.vupen.com/english/advisories/2010/0992

Source: secalert@redhat.com

Broken LinkVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=585899

Source: secalert@redhat.com

Issue Tracking

https://exchange.xforce.ibmcloud.com/vulnerabilities/58148

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

https://rhn.redhat.com/errata/RHSA-2010-0376.html

Source: secalert@redhat.com

Broken LinkVendor Advisory

https://rhn.redhat.com/errata/RHSA-2010-0377.html

Source: secalert@redhat.com

Broken Link

https://rhn.redhat.com/errata/RHSA-2010-0378.html

Source: secalert@redhat.com

Broken Link

https://rhn.redhat.com/errata/RHSA-2010-0379.html

Source: secalert@redhat.com

Vendor Advisory

http://marc.info/?l=bugtraq&m=132698550418872&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing List

http://secunia.com/advisories/39563

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkVendor Advisory

http://securitytracker.com/id?1023917

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/39710

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

http://www.vupen.com/english/advisories/2010/0992

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkVendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=585899

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://exchange.xforce.ibmcloud.com/vulnerabilities/58148

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://rhn.redhat.com/errata/RHSA-2010-0376.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkVendor Advisory

https://rhn.redhat.com/errata/RHSA-2010-0377.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://rhn.redhat.com/errata/RHSA-2010-0378.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://rhn.redhat.com/errata/RHSA-2010-0379.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2010-1428

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Broken Link

Timeline

No history available yet.