CVE-2010-2493
Published Aug 10, 2010
Last updated 14 years ago
Overview
- Description
- The default configuration of the deployment descriptor (aka web.xml) in picketlink-sts.war in (1) the security_saml quickstart, (2) the webservice_proxy_security quickstart, (3) the web-console application, (4) the http-invoker application, (5) the gpd-deployer application, (6) the jbpm-console application, (7) the contract application, and (8) the uddi-console application in JBoss Enterprise SOA Platform before 5.0.2 contains GET and POST http-method elements, which allows remote attackers to bypass intended access restrictions via a crafted HTTP request.
- Source
- secalert@redhat.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-16
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "382AECCB-2DCE-4E5A-B764-E919F5AAF16C",
"versionEndIncluding": "5.0.1"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CDEABE3E-DC3E-4B98-8433-4308BBEE6F26"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp01:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "70942A41-9089-4313-8B00-5CB92518A349"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp02:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "093F7EA4-B190-49A5-AF55-42D4F960EEFE"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp03:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "75CBF063-6986-4217-BC8E-661B5167AB2A"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp04:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3F6528B6-1147-4366-8F81-8B380903EAA6"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:cp05:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4EF1898E-1A25-442B-865F-1C27B9E5F0D1"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.2.0:tp02:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "92953D9C-8FF0-4499-A4A4-3B05696D326E"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C57B8004-AF15-4F0F-B9FA-A3CFF7BD42DE"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp01:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "66F4FC45-CF67-44E4-96CA-31B537151C7E"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp02:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E7CF5F63-C7A8-4787-9620-F5B76A9F0F3E"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp03:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9BCA6581-3C94-4B1B-B30F-E0B854A68968"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:4.3.0:cp04:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "23F0650B-C39D-4C7D-8BB9-BBA951BA8AAE"
},
{
"criteria": "cpe:2.3:a:redhat:jboss_enterprise_soa_platform:5.0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DFB8FED0-E0C6-409C-A2D8-B3999265D545"
}
],
"operator": "OR"
}
]
}
]