
CVE-2010-0738 Scanner

Detects the 'Improper Access Control' vulnerability in JBossAs, which affects versions 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08.


Short Info


Level: Medium
Type: Single Scan
Can be used by: Asset Owner
Estimated Time: 15 sec
Scan only one: Domain, IPv4

Parent Category

CVE-2010-0738 Scanner Detail

JBossAs is a well-known Java-based application server that is widely used to deploy and host Java-based web applications. It provides a comprehensive set of features and tools to configure, deploy, and monitor web applications. JBossAs, also known as Red Hat JBoss Enterprise Application Platform, is a commercial distribution of JBoss, which is a community-driven, open-source project.

One of the known vulnerabilities in JBossAS is CVE-2010-0738, which is caused by a flaw in the access control mechanism of the JMX-Console web application. The vulnerability allows remote attackers to send requests to this application's GET handler by using a different HTTP method. In other words, when the access control check is applied only to the GET and POST methods, a request that uses another HTTP method is not checked and can still reach the application.

Exploiting CVE-2010-0738 can lead to arbitrary code execution and unauthorized access to sensitive data, such as application configuration files and credentials. Attackers can use this vulnerability to gain full control of the affected web application and compromise the entire system. In some cases, the attackers may also use the compromised system as a launching pad for further attacks on the organization's network.

Thanks to the pro features of the securityforeveryone.com platform, readers can easily and quickly learn about vulnerabilities in their digital assets. By leveraging the platform's advanced scanning and analytics capabilities, users can identify vulnerabilities in their systems and take proactive measures to secure them. Additionally, the platform provides actionable recommendations and best practices to help users strengthen their security posture and defend against emerging threats. With securityforeveryone.com, users can stay ahead of the curve and ensure the safety and integrity of their digital assets.

 
