CVE-2010-1429
CVE-2010-1429
Vexday Risk Score
30Baixo
Decisão SSVC (CISA)
Attend
PoC disponível → acompanhar de perto
Maturidade do exploit
Exploit funcional
Exploit automatizável disponível (Nuclei/Metasploit).
CVSS —EPSS 53.7%KEV nãoPoC —Nuclei simMetasploit simPatch referenciado
Ciclo de vida
28 abr 2010Publicada no NVD
Recomendação: Planejar correção próxima — já existe PoC pública.
Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.
Produtos afetados
n/a · n/aReferências
http://marc.info/?l=bugtraq&m=132698550418872&w=2https://bugzilla.redhat.com/show_bug.cgi?id=585900http://secunia.com/advisories/39563http://securitytracker.com/id?1023918https://exchange.xforce.ibmcloud.com/vulnerabilities/58149https://rhn.redhat.com/errata/RHSA-2010-0376.htmlhttps://rhn.redhat.com/errata/RHSA-2010-0377.htmlhttps://rhn.redhat.com/errata/RHSA-2010-0378.htmlhttps://rhn.redhat.com/errata/RHSA-2010-0379.htmlhttps://www.exploit-db.com/exploits/44009/http://www.securityfocus.com/bid/39710http://www.vupen.com/english/advisories/2010/0992