CVE-2010-1429 Scanner
Detects 'Information Disclosure' vulnerability in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) affects v. 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08.
Short Info
Level
Medium
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 sec
Scan only one
Url
Toolbox
-
Red Hat JBoss Enterprise Application Platform, also known as JBoss EAP or JBEAP, is an open-source Java EE-based application server. It is used by organizations to build and deploy Java-based web applications and services. JBoss EAP is a highly modular and scalable platform that offers a range of features that can meet the diverse needs of enterprise applications. The platform is widely used by organizations across industries, including finance, healthcare, and retail.
CVE-2010-1429 is a vulnerability detected in JBoss EAP 4.2 and 4.3. This flaw allows remote attackers to gain access to sensitive information about deployed web contexts by sending a request to the status servlet with the full=true query string parameter. This vulnerability exists due to a regression in CVE-2008-3273, which affects the way that JBoss EAP processes certain requests. The impact of this vulnerability can be severe and can compromise the confidentiality of sensitive information.
Exploiting this vulnerability can lead to a data breach, as an attacker can gain access to sensitive information about the deployed web contexts. This information can include usernames, passwords, and other details that can be used to launch further attacks on the targeted system or the organization. This vulnerability can also allow attackers to gain unauthorized access to the system, which can result in malicious activity or unauthorized modifications to the system.
Thanks to the pro features of the securityforeveryone.com platform, readers of this article can easily and quickly learn about vulnerabilities in their digital assets. The platform offers a range of tools and features designed to help organizations identify and mitigate vulnerabilities in their systems, ensuring that their digital assets are secure and protected against attacks. With real-time alerts, automated vulnerability scanning, and detailed reporting, securityforeveryone.com provides a comprehensive solution to the security challenges facing modern organizations.
REFERENCES
- rhn.redhat.com: RHSA-2010:0379
- rhn.redhat.com: RHSA-2010:0378
- marc.info: HPSBMU02736
- rhn.redhat.com: RHSA-2010:0376
- rhn.redhat.com: RHSA-2010:0377
- exchange.xforce.ibmcloud.com: jboss-status-servlet-information-disclosure(58149)
- marc.info: SSRT100699
- vupen.com: ADV-2010-0992
- exploit-db.com: 44009
- securityfocus.com: 39710
- secunia.com: 39563
- securitytracker.com: 1023918
- https://bugzilla.redhat.com/show_bug.cgi?id=585900
control security posture