CVE-2010-1429
CVE-2010-1429
Vexday Risk Score
30Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 53.7%KEV nãoPoC —Nuclei simMetasploit simPatch referenciado
Lifecycle
28 Apr 2010Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.
Affected products
n/a · n/aReferences
http://marc.info/?l=bugtraq&m=132698550418872&w=2https://bugzilla.redhat.com/show_bug.cgi?id=585900http://secunia.com/advisories/39563http://securitytracker.com/id?1023918https://exchange.xforce.ibmcloud.com/vulnerabilities/58149https://rhn.redhat.com/errata/RHSA-2010-0376.htmlhttps://rhn.redhat.com/errata/RHSA-2010-0377.htmlhttps://rhn.redhat.com/errata/RHSA-2010-0378.htmlhttps://rhn.redhat.com/errata/RHSA-2010-0379.htmlhttps://www.exploit-db.com/exploits/44009/http://www.securityfocus.com/bid/39710http://www.vupen.com/english/advisories/2010/0992