Vulnerability Description
Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web contexts" via a request to the status servlet, as demonstrated by a full=true query string. NOTE: this issue exists because of a CVE-2008-3273 regression.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Jboss Enterprise Application Platform | <= 4.2.0 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=132698550418872&w=2
- http://secunia.com/advisories/39563Vendor Advisory
- http://securitytracker.com/id?1023918
- http://www.securityfocus.com/bid/39710
- http://www.vupen.com/english/advisories/2010/0992Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=585900
- https://exchange.xforce.ibmcloud.com/vulnerabilities/58149
- https://rhn.redhat.com/errata/RHSA-2010-0376.htmlVendor Advisory
- https://rhn.redhat.com/errata/RHSA-2010-0377.htmlVendor Advisory
- https://rhn.redhat.com/errata/RHSA-2010-0378.htmlVendor Advisory
- https://rhn.redhat.com/errata/RHSA-2010-0379.htmlVendor Advisory
- https://www.exploit-db.com/exploits/44009/
- http://marc.info/?l=bugtraq&m=132698550418872&w=2
- http://secunia.com/advisories/39563Vendor Advisory
- http://securitytracker.com/id?1023918
FAQ
What is CVE-2010-1429?
CVE-2010-1429 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 allows remote attackers to obtain sensitive information about "deployed web conte...
How severe is CVE-2010-1429?
CVE-2010-1429 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-1429?
Check the references section above for vendor advisories and patch information. Affected products include: Redhat Jboss Enterprise Application Platform.