CVE-2010-1429
Published: Apr 28, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type | Source |
|---|---|---|
| RHSA-2010:0379 | vendor-advisory | x_refsource_REDHAT |
| RHSA-2010:0378 | vendor-advisory | x_refsource_REDHAT |
| HPSBMU02736 | vendor-advisory | x_refsource_HP |
| RHSA-2010:0376 | vendor-advisory | x_refsource_REDHAT |
| RHSA-2010:0377 | vendor-advisory | x_refsource_REDHAT |
| jboss-status-servlet-information-disclosure(58149) | vdb-entry | x_refsource_XF |
| SSRT100699 | vendor-advisory | x_refsource_HP |
| ADV-2010-0992 | vdb-entry | x_refsource_VUPEN |
| 44009 | exploit | x_refsource_EXPLOIT-DB |
| 39710 | vdb-entry | x_refsource_BID |
| 39563 | third-party-advisory | x_refsource_SECUNIA |
| 1023918 | vdb-entry | x_refsource_SECTRACK |
| https://bugzilla.redhat.com/show_bug.cgi?id=585900 | | x_refsource_CONFIRM |