Vulnerability Details : CVE-2010-1429
Public exploit exists!
Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.
Products affected by CVE-2010-1429
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:cp07:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:cp08:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp03:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp04:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp02:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp01:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp01:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp02:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp03:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp04:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp05:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp06:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp07:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp06:*:*:*:*:*:*
- cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp05:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2010-1429
- EPSS score: 0.57% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~75% (the proportion of vulnerabilities that are scored at or less)
Metasploit modules for CVE-2010-1429
- JBoss Vulnerability Scanner (auxiliary/scanner/http/jboss_vulnscan), first seen: 2020-04-26. This module scans a JBoss instance for a few vulnerabilities. Authors: Tyler Krpata, Zach Grace <@ztgrace>
- JBoss Status Servlet Information Gathering (auxiliary/scanner/http/jboss_status), first seen: 2020-04-26. This module queries the JBoss status servlet to collect sensitive information, including URL paths, GET parameters and client IP addresses. This module has been tested against JBoss 4.0, 4.2.2 and 4.2.3. Authors: Matteo Cantoni <goony@nothink.org>
CVSS scores for CVE-2010-1429
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2010-1429
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-1429
- http://www.securityfocus.com/bid/39710 (JBoss Enterprise Application Platform Multiple Vulnerabilities)
- http://marc.info/?l=bugtraq&m=132698550418872&w=2 ('[security bulletin] HPSBMU02736 SSRT100699 rev.1 - HP Business Availability Center (BAC) and Busines' - MARC)
- https://rhn.redhat.com/errata/RHSA-2010-0377.html (Red Hat Customer Portal, Vendor Advisory)
- http://securitytracker.com/id?1023918 (JBoss Enterprise Application Platform Bugs Let Remote Users Bypass Authentication and Access Potentially Sensitive Information - SecurityTracker)
- https://www.exploit-db.com/exploits/44009/ (404 Page Not Found | Exploit Database)
- https://rhn.redhat.com/errata/RHSA-2010-0376.html (Red Hat Customer Portal, Vendor Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=585900 (585900 - (CVE-2010-1429) CVE-2010-1429 JBossEAP status servlet info leak)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/58149 (Red Hat JBoss Enterprise Application Platform status servlet information disclosure CVE-2010-1429 Vulnerability Report)
- https://rhn.redhat.com/errata/RHSA-2010-0379.html (RHSA-2010:0379 - Security Advisory - Red Hat Customer Portal, Vendor Advisory)
- https://rhn.redhat.com/errata/RHSA-2010-0378.html (Red Hat Customer Portal, Vendor Advisory)
- http://www.vupen.com/english/advisories/2010/0992 (Webmail | OVH, Vendor Advisory)