CVE-2010-1429

medium

Description

Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.

References

http://marc.info/?l=bugtraq&m=132698550418872&w=2

http://secunia.com/advisories/39563

http://securitytracker.com/id?1023918

http://www.securityfocus.com/bid/39710

http://www.vupen.com/english/advisories/2010/0992

https://bugzilla.redhat.com/show_bug.cgi?id=585900

https://exchange.xforce.ibmcloud.com/vulnerabilities/58149

https://rhn.redhat.com/errata/RHSA-2010-0376.html

https://rhn.redhat.com/errata/RHSA-2010-0377.html

https://rhn.redhat.com/errata/RHSA-2010-0378.html

https://rhn.redhat.com/errata/RHSA-2010-0379.html

https://www.exploit-db.com/exploits/44009/

Details

Source: MITRE

Published: 2010-04-28

Updated: 2018-02-13

Type: CWE-264

Risk Information

CVSS v2

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

Tenable Plugins


| ID | Name | Product | Family | Severity |
| --- | --- | --- | --- | --- |
| 80195 | Juniper Junos Space < 13.3R1.8 Multiple Vulnerabilities (JSA10627) | Nessus | Junos Local Security Checks | critical |
| 63931 | RHEL 5 : JBoss EAP (RHSA-2010:0379) | Nessus | Red Hat Local Security Checks | medium |
| 63930 | RHEL 5 : JBoss EAP (RHSA-2010:0378) | Nessus | Red Hat Local Security Checks | medium |
| 63929 | RHEL 4 : JBoss EAP (RHSA-2010:0377) | Nessus | Red Hat Local Security Checks | medium |
| 63928 | RHEL 4 : JBoss EAP (RHSA-2010:0376) | Nessus | Red Hat Local Security Checks | medium |
| 5521 | JBoss EAP < 4.2.0.CP09 / 4.3.0.CP08 Multiple Vulnerabilities | Nessus Network Monitor | Web Servers | high |
| 33869 | JBoss Enterprise Application Platform (EAP) Status Servlet Request Remote Information Disclosure | Nessus | CGI abuses | medium |