Back to search
CVE-2010-1428
Published: Apr 28, 2010
Modified: Oct 22, 2025
PUBLISHED
Description
The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
RHSA-2010:0379
vendor-advisory
x_refsource_REDHAT
RHSA-2010:0378
vendor-advisory
x_refsource_REDHAT
jboss-webconsole-information-disclosure(58148)
vdb-entry
x_refsource_XF
HPSBMU02736
vendor-advisory
x_refsource_HP
RHSA-2010:0376
vendor-advisory
x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=585899
x_refsource_CONFIRM
RHSA-2010:0377
vendor-advisory
x_refsource_REDHAT
SSRT100699
vendor-advisory
x_refsource_HP
ADV-2010-0992
vdb-entry
x_refsource_VUPEN
1023917
vdb-entry
x_refsource_SECTRACK
39710
vdb-entry
x_refsource_BID
39563
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now