CVE-2010-0738

{"id": "CVE-2010-0738", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-04-28T22:30:00.447", "references": [{"url": "http://marc.info/?l=bugtraq&m=132129312609324&w=2", "source": "secalert@redhat.com"}, {"url": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=35", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/39563", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://securityreason.com/securityalert/8408", "source": "secalert@redhat.com"}, {"url": "http://securitytracker.com/id?1023918", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/39710", "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2010/0992", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=574105", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58147", "source": "secalert@redhat.com"}, {"url": "https://rhn.redhat.com/errata/RHSA-2010-0376.html", "source": "secalert@redhat.com"}, {"url": "https://rhn.redhat.com/errata/RHSA-2010-0377.html", "source": "secalert@redhat.com"}, {"url": "https://rhn.redhat.com/errata/RHSA-2010-0378.html", "source": "secalert@redhat.com"}, {"url": "https://rhn.redhat.com/errata/RHSA-2010-0379.html", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method."}, {"lang": "es", "value": "La aplicaci\u00f3n web JMX-Console en JBossAs en Red Hat JBoss Enterprise Application Platform (conocido como JBoss EAP o JBEAP) v4.2 anterior v4.2.0.CP09 y v4.3 anterior v4.3.0.CP08 realiza un control de acceso s\u00f3lo para los m\u00e9todos GET y POST, lo que permite a a atacantes remotos enviar peticiones en el manejador GET de la aplicaci\u00f3n que usan un m\u00e9todo diferente. \r\n"}], "lastModified": "2023-02-13T04:16:44.297", "cisaActionDue": "2022-06-15", "cisaExploitAdd": "2022-05-25", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9830D64-C46F-4423-BE0B-0B1FDB765D62"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp01:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "599FBAC3-2E83-443B-AACB-99BBA896CB19"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp02:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43590B58-A1C7-4105-A00F-6C4F46A6CC5B"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp03:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A44F907E-AE57-4213-B001-A23319B72CF8"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp04:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "243ED156-851C-4897-AF59-86FCA5C9C66F"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp05:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "125BF8B0-AF1B-4FB1-9D41-D9FB30AE23FC"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp06:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A3E7C299-8A2D-4733-98AC-F6FA37CC1C6C"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp07:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7398F80B-8318-40E7-A0EE-6CCF7E066C03"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.2.0:cp08:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F13F52B9-88F8-4F56-BF91-C6FEF22F067D"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4816097-6982-4FBA-BD34-3D24BCA5A56A"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp01:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B3E4026-F98E-4AEB-9FE1-4FFBBF44AC55"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp02:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "960A513A-CAFC-4B3D-ABD7-4659CF545C73"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp03:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C2D8DC6D-5E39-4A53-8BB8-F998706D573F"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp04:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3AA2D64E-D7E7-400D-AC7E-CB2045750791"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp05:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "197F047B-E11C-4B79-B6C4-79B2C278A33F"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp06:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CCE383FE-3C03-4B4F-A2E6-AD673F8A44FE"}, {"criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:4.3.0:cp07:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "62A85D7D-B60A-4566-BA4B-2F74E452C4EE"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Red Hat JBoss Authentication Bypass Vulnerability"}