Required CVE Record Information
Description
The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to obtain sensitive information via an unspecified request that uses a different method.
References 12 Total
- rhn.redhat.com: RHSA-2010:0379 vendor-advisory
- rhn.redhat.com: RHSA-2010:0378 vendor-advisory
- exchange.xforce.ibmcloud.com: jboss-webconsole-information-disclosure(58148) vdb-entry
- marc.info: HPSBMU02736 vendor-advisory
- rhn.redhat.com: RHSA-2010:0376 vendor-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=585899
- rhn.redhat.com: RHSA-2010:0377 vendor-advisory
- marc.info: SSRT100699 vendor-advisory
- vupen.com: ADV-2010-0992 vdb-entry
- securitytracker.com: 1023917 vdb-entry
- securityfocus.com: 39710 vdb-entry
- secunia.com: 39563 third-party-advisory
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 12 Total
- rhn.redhat.com: RHSA-2010:0379 vendor-advisoryx_transferred
- rhn.redhat.com: RHSA-2010:0378 vendor-advisoryx_transferred
- exchange.xforce.ibmcloud.com: jboss-webconsole-information-disclosure(58148) vdb-entryx_transferred
- marc.info: HPSBMU02736 vendor-advisoryx_transferred
- rhn.redhat.com: RHSA-2010:0376 vendor-advisoryx_transferred
- https://bugzilla.redhat.com/show_bug.cgi?id=585899 x_transferred
- rhn.redhat.com: RHSA-2010:0377 vendor-advisoryx_transferred
- marc.info: SSRT100699 vendor-advisoryx_transferred
- vupen.com: ADV-2010-0992 vdb-entryx_transferred
- securitytracker.com: 1023917 vdb-entryx_transferred
- securityfocus.com: 39710 vdb-entryx_transferred
- secunia.com: 39563 third-party-advisoryx_transferred