CVE-2010-1429

Sažetak

Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.

Reference

https://rhn.redhat.com/errata/RHSA-2010-0377.html
http://securitytracker.com/id?1023918
http://secunia.com/advisories/39563
http://www.vupen.com/english/advisories/2010/0992
http://www.securityfocus.com/bid/39710
https://bugzilla.redhat.com/show_bug.cgi?id=585900
https://rhn.redhat.com/errata/RHSA-2010-0379.html
https://rhn.redhat.com/errata/RHSA-2010-0378.html
https://rhn.redhat.com/errata/RHSA-2010-0376.html
http://marc.info/?l=bugtraq&m=132698550418872&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/58149
https://www.exploit-db.com/exploits/44009/

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

07-11-2023 - 02:05

Objavljeno

28-04-2010 - 22:30