CVE-2010-0738
Published: Apr 28, 2010
Modified: Oct 22, 2025
PUBLISHED
Description
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Source |
|---|---|---|
| RHSA-2010:0379 | vendor-advisory | x_refsource_REDHAT |
| RHSA-2010:0378 | vendor-advisory | x_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=574105 | | x_refsource_CONFIRM |
| RHSA-2010:0376 | vendor-advisory | x_refsource_REDHAT |
| 8408 | third-party-advisory | x_refsource_SREASON |
| RHSA-2010:0377 | vendor-advisory | x_refsource_REDHAT |
| ADV-2010-0992 | vdb-entry | x_refsource_VUPEN |
| HPSBMU02714 | vendor-advisory | x_refsource_HP |
| jboss-jmxconsole-security-bypass(58147) | vdb-entry | x_refsource_XF |
| SSRT100244 | vendor-advisory | x_refsource_HP |
| 39710 | vdb-entry | x_refsource_BID |
| 39563 | third-party-advisory | x_refsource_SECUNIA |
| 1023918 | vdb-entry | x_refsource_SECTRACK |