CVE-2010-1429

Published Apr 28, 2010

Last updated a year ago

Overview

Description: Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.
Source: secalert@redhat.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-264

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:cp08:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E8E0B7BE-9F4D-4083-B08A-13CA20422820",
            "versionEndIncluding": "4.2.0"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:*:cp07:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4906489F-828A-4351-8D5B-A989CED8E4A5",
            "versionEndIncluding": "4.3.0"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9830D64-C46F-4423-BE0B-0B1FDB765D62"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp01:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "599FBAC3-2E83-443B-AACB-99BBA896CB19"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp02:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "43590B58-A1C7-4105-A00F-6C4F46A6CC5B"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp03:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A44F907E-AE57-4213-B001-A23319B72CF8"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp04:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "243ED156-851C-4897-AF59-86FCA5C9C66F"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp05:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "125BF8B0-AF1B-4FB1-9D41-D9FB30AE23FC"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp06:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3E7C299-8A2D-4733-98AC-F6FA37CC1C6C"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp07:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7398F80B-8318-40E7-A0EE-6CCF7E066C03"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D4816097-6982-4FBA-BD34-3D24BCA5A56A"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp01:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B3E4026-F98E-4AEB-9FE1-4FFBBF44AC55"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp02:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "960A513A-CAFC-4B3D-ABD7-4659CF545C73"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp03:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2D8DC6D-5E39-4A53-8BB8-F998706D573F"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp04:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3AA2D64E-D7E7-400D-AC7E-CB2045750791"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp05:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "197F047B-E11C-4B79-B6C4-79B2C278A33F"
          },
          {
            "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp06:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CCE383FE-3C03-4B4F-A2E6-AD673F8A44FE"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References