The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
13 Feb 2023, 04:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method. |
02 Feb 2023, 17:17
Type | Values Removed | Values Added |
---|---|---|
Summary | CVE-2010-0738 JBoss EAP jmx authentication bypass with crafted HTTP request | |
References |
|
Information
Published : 2010-04-28 22:30
Updated : 2023-12-10 11:03
NVD link : CVE-2010-0738
Mitre link : CVE-2010-0738
CVE.ORG link : CVE-2010-0738
JSON object : View
Products Affected
redhat
- jboss_enterprise_application_platform
CWE
CWE-264
Permissions, Privileges, and Access Controls